Shields Health Care Group (Shields), a U.S. medical device company, was hacked recently, leaking the medical data of about 2 million Americans.

Shields is a Massachusetts-based healthcare provider specializing in MRI and PET/CT diagnostic imaging, radiation oncology, and ambulatory surgery services.

According to a data breach notification posted on the company’s website, Shield was found to have suffered a cyber attack on March 28, 2022, and has hired cyber security experts to investigate the incident.

Examination of the log files revealed that hackers gained access to Shields’ systems between March 7, 2022 and March 21, 2022, potentially accessing data containing the following patient information:

full name

social Security number

date of birth

family address

provider information


Billing Information

Insurance Number and Information

Medical record number

patient number

Other medical or therapeutic information

The above information can be used for social engineering, phishing, scams, and even extortion and is generally considered extremely sensitive information.

Shields claims there is no evidence that any of the stolen information was misused or distributed through illegal channels. Still, it may only be a matter of time before these data are made public. Often, such stolen information is traded on the online black market and used in small-scale targeted attacks before being resold to lower-level attackers involved in mass exploitation.

Huge Influence

While the incident notification did not reveal how many patient data was compromised, it learned from the U.S. Department of Health’s Office of Civil Rights portal that 2 million people were affected.

Because Shields’ operations work closely with hospitals and medical centers, the consequences of the security incident were far-reaching, affecting 56 medical facilities and their patients. Several prominent medical institutions, including Tufts Medical Center, Emerson Hospital, Winchester Hospital, Falmouth Hospital and Maine Central Medical Center, were affected by the incident.

Data protection by VM backup solution is necessary for all enterprises and individuals. Patient information in medical institutions is very important because of being related to the patient’s personal privacy. Medical institutions are different from enterprises in that they serve patients. The patient’s experience and the security of information are far more important than the experience of ordinary people. Therefore, medical institutions should pay more attention to data security. Not only patient information, but also the core technical data of medical institutions themselves are very important. To protect data, it is necessary to do data disaster recovery backup.

Leave a Reply