Shields Health Care Group, Inc. experienced a cyberattack in March 2022, which exposed the personally identifiable information (PII) and protected health information (PHI) of possibly as many as two million people. The complaint alleges that Shields was “as soft target for cyber thieves” and that the attack “was the result of inadequate security precautions” on Shields’s part.
The Nationwide Class is all residents of the US whose PII or PHI was accessed or otherwise compromised as a result of the Shields Health data breach.
The Maryland Class is all residents of Maryland whose PII or PHI was accessed or otherwise compromised as a result of the Shields Health data breach.
Shields, the complaint claims, is the largest network of MRI providers in New England, its services including radiation oncology, PET/CT scans, MRIs, and ambulatory surgical services. It offers management and imaging services to more than forty health care facilities in Maine, New Hampshire, and Massachusetts.
The data breach occurred between March 7 and 21, 2022, but the complaint alleges that Shields did not announce it until it posted a notice on its website on or around June 7, 2022. The information exposed, Shields said, included names, addresses, Social Security numbers, dates of birth, billing information, diagnosis, health insurance numbers and information, medical record numbers, and other medical and treatment information.
According to the complaint, the company has told patients that “Shields takes the confidentiality, privacy and security of information in our care seriously.”
The complaint says that the attack was “foreseeable,” claiming, “It is well known … that [cyberattacks] against health care organizations such as [Shields] are targeted and frequent. Such data breaches against the health care sector have become widespread.”
Both the Federal Bureau of Investigation (FBI) and US Secret Service has issued warnings to potential targets of data breaches in recent years, the complaint says. It also faults Shields for allowing so much time to pass between discovering the data breach and telling customers about it.
The complaint alleges, “Medical Records are uniquely valuable to hackers. … And health care providers, such as Shields Health, have been aware of this for a number of years as well as the need to take adequate measures to secure their systems and information.”
According to the complaint, Shields’s failure to protect the consumer health information it maintains is a violation of what the complaint calls “the HIPPA Privacy Rule,” presumably the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, which protects consumer PHI.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Shields Health Care Exposure of Patient Information Complaint
June 23, 2022
Shields Health Care Group, Inc. experienced a cyberattack in March 2022, which exposed the personally identifiable information (PII) and protected health information (PHI) of possibly as many as two million people. The complaint alleges that Shields was “as soft target for cyber thieves” and that the attack “was the result of inadequate security precautions” on Shields’s part.
Shields Health Care Exposure of Patient Information ComplaintCase Event History
Shields Health Care Exposure of Patient Information Complaint
June 23, 2022
Shields Health Care Group, Inc. experienced a cyberattack in March 2022, which exposed the personally identifiable information (PII) and protected health information (PHI) of possibly as many as two million people. The complaint alleges that Shields was “as soft target for cyber thieves” and that the attack “was the result of inadequate security precautions” on Shields’s part.
Shields Health Care Exposure of Patient Information Complaint