What We Can Learn From a Cyber Attack on a Massachusetts Healthcare Group
Cyber attacks are on the rise across the nation and the globe. The attacks are targeting private, public, and government agencies as well as small and large businesses. Just last month, a Massachusetts Healthcare group, Shields Health Care reported that the sensitive information of two million people was accessed during a cyberattack on the organization.
What is Shields Health Care Group?
Shields Health Care Group provides MRI, radiology, and ambulance services to dozens of hospitals and medical facilities within the New England region. Some high-profile facilities and hospitals including Emerson, UMass, Tufts, Wellesley, and more were impacted by this attack.
Suspicious Activity Noticed
Shields became aware of suspicious activity around March 18th. They believe that hackers were in their systems from March 7 to March 21 of this year. In their report to federal and state authorities, they explained that the hackers were able to gain access to databases that contained full names, Social Security numbers, dates of birth, home addresses, provider information, diagnosis, billing information, and insurance numbers. They also obtained medical record numbers, patient IDs, and other medical or treatment information.
Recovery & Notification Actions
Just like any organization that has been the target of a cyber attack, Shields took action on several levels to both identify the data that was accessed, and how to recover it and has taken steps on legal notifications to the authorities and patients whose data was compromised. One of the first things the organization did that is required was to notify several agencies including federal law enforcement agencies and state regulators. The incident was also reported to the U.S. Department of Health and Human Services Office for Civil Rights. From there, Shields Health Care Group posted a notification on their site which includes an explanation of what happened, what data was accessed, what the organization is doing in response to the event, and what affected individuals can do to protect their information. They also explain on their site steps their clients can take to protect their information such as monitoring accounts and putting a credit freeze on their accounts through a credit reporting bureau.
A Final Word on the Healthcare Industry & Cyber Attacks
This story of Shields Health Care Group is not unique and it is one we seem to be hearing over and over again. This time, unfortunately, it was in our own backyard, bringing many to understand that they are not immune to hackers. Hearing these stories and how each organization responds may help your company learn how to increase awareness, prevent future attacks, and prepare for future issues. The healthcare industry has seen a dramatic rise in hacking, ransomware, and phishing scams over the past few years. According to reports by cyber experts, there has been a dramatic escalation of attacks on the healthcare industry since 2015 with no signs of stopping. The pandemic has left far too many organizations vulnerable and the more you step up your security protocols and prepare for these attacks, the better situated you will be should the attack be aimed at your organization.