Contents:
Shields Health Care Group (SHCG), a medical service provider in the United States, announced a data breach that compromised the personal information of more than 2.3 million people. Shields reported the breach to the Maine Attorney General on April 19, 2023, after discovering that a cyberattack had exposed sensitive customer information stored on the company’s computer system.
SHCG’s systems were breached by unknown attackers in March of 2022. According to the breach notification letter SHCG sent to affected users, the company was made aware of suspicious activity on March 28 and had concerns that the incident exposed customer data.
The investigation determined an unknown actor gained access to certain Shields systems from March 7, 2022, to March 21, 2022. Furthermore, the investigation revealed certain data was acquired by the unknown actor within that time frame.
Threat actors obtained victims’ full names along with their driver’s license numbers and other non-driver ID card numbers, according to the company’s data breach notification to the Office of the Maine Attorney General. More than 2,300,000 people were affected by the breach.
Revealing driver’s licenses and ID numbers can potentially lead to security concerns for individuals, as the information may be exploited by malicious actors for identity theft.
Upon discovery, we immediately activated our incident response protocols, notified law enforcement, and launched an investigation to confirm the nature of the activity and the scope of potentially impacted data.
The company stated that it will offer credit monitoring and identity theft protection services to affected customers for 24 months without any cost, explains Cyber News.
SHCG offers management and imaging services for healthcare providers. The company provides medical imaging services, including radiation oncology, MRI, PET and CT scans, and other related products and services.
SHCG’s notice of the security incident is available here.
If you’re interested in learning more about how to build a multi-layered cybersecurity plan for your organization, make sure you read this piece: How to Create a Successful Cybersecurity Strategy.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.