A cyberattack on Shields Health Care Group Inc. may have compromised the identity and medical information of approximately 2 million people, the imaging and outpatient surgical center company disclosed.
Shields said the compromised data could include full names, social security numbers, dates of birth, home addresses, provider information, diagnoses, billing information, insurance numbers and information, medical record numbers, patient IDs, and other medical or treatment information. Shields said it is still conducting a review of the impacted data, and didn’t have evidence that any of the information from the incident was used to commit identity theft or fraud.
Shields said it notified federal law enforcement, would report the incident to state and federal regulators, and planned to directly notify impacted individuals where possible after it completes a review. The company notified federal officials of the breach on May 27. Heath Renfrow, co-founder of FENIX24, a Tennessee-based cybersecurity restoration company, said there has been a steady increase of cyberattacks since 2015, particularly on health care. Hackers typically use stolen data to ransom companies for money, or they sell it on the dark web.