Shields, which provides imaging and outpatient surgical services, said the facility’s affected partners include Emerson Hospital, Tufts Medical Center and Central Maine Medical Center. Compromised information includes full names, social security numbers, dates of birth, home addresses, provider information, diagnoses, billing information, insurance numbers, medical card numbers, and patient IDs.
However, Shields stated that he had no evidence that the personal information was used for theft or fraud.
Shields reported the breach to the HHS Office of Civil Rights on May 27, according to the HHS hack portal. HHS gives entities covered by the Health Insurance Portability and Accountability Act 60 days from the date a data breach is discovered to notify the department.
Shields returned a request for comment.
Hacking and IT breach incidents like the Shields incident accounted for nearly three-quarters of healthcare data breaches in 2021, including the top 10 breaches of last year.