Shields Health Care Group, Inc. (“Shields”) recently became aware of suspicious activity on its network. Shields provides management and imaging services on behalf of the health care facilities (“Facility Partners”) listed below. With the assistance of third-party forensic specialists, we took immediate steps to contain the incident and to investigate the nature and scope of the incident. Shields is issuing this notice on behalf of itself and the Facility Partners to communicate what is known about the incident, our response, and steps impacted individuals can take, if deemed appropriate. Certain patients of these Facility Partners may be impacted.
What Happened? On March 28, 2022, Shields was alerted to suspicious activity that may have involved data compromise. Shields immediately launched an investigation into this issue and worked with subject matter specialists to determine the full nature and scope of the event.
This investigation determined that an unknown actor gained access to certain Shields systems from March 7, 2022 to March 21, 2022. Furthermore, the investigation revealed that certain data was acquired by the unknown actor within that time frame. Although Shields had identified and investigated a security alert on or around March 18, 2022, data theft was not confirmed at that time.
What Information Was Involved? To date, we have no evidence to indicate that any information from this incident was used to commit identity theft or fraud. However, the type of information that was or may have been impacted could include one or more of the following: Full name, Social Security number, date of birth, home address, provider information, diagnosis, billing information, insurance number and information, medical record number, patient ID, and other medical or treatment information. Shields review of the impacted data is ongoing.
What Are We Doing? Shields takes the confidentiality, privacy, and security of information in our care seriously. Upon discovery, we took steps to secure our systems, including rebuilding certain systems, and conducted a thorough investigation to confirm the nature and scope of the activity and to determine who may be affected. Additionally, while we have safeguards in place to protect data in our care, we continue to review and further enhance these protections as part of our ongoing commitment to data security.
We have notified federal law enforcement, and will be reporting this incident to relevant state and federal regulators. Further, once we complete the review of the impacted data, we will directly notify impacted individuals where possible so that they may take further steps to help protect their information, should they feel it is appropriate to do so.
What Can Affected Individuals Do? While we have no evidence to indicate identity theft or fraud occurred as a result of this incident, we encourage impacted individuals to review Steps You Can Take to Help Protect Your Information, which is included below.
For More Information. We understand you may have additional questions concerning this incident. Individuals can direct questions to (855) 503-3386. The call center hours will be 8:00am-5:30pm Central Time, Monday through Friday, excluding major U.S. holidays.