Shields Health Care Group (SHCG), a US medical service provider, disclosed a data breach impacting over 2.3 million people whose sensitive data was exposed.
Unknown attackers penetrated SHCG’s systems in March 2022. The company was alerted to suspicious activity on March 28, fearing the compromise involved exposing customer data, the breach notification letter SHCG sent to affected users states.
“The investigation determined an unknown actor gained access to certain Shields systems from March 7, 2022, to March 21, 2022. Furthermore, the investigation revealed certain data was acquired by the unknown actor within that time frame,” reads the letter.
SHCG provides management and imaging services on behalf of healthcare providers. The company offers medical imaging, radiation oncology, MRI, pet and CT scans, and other related products and services.
The company’s data breach notification to the Office of the Maine Attorney General shows that threat actors got their hands on victims’ full names in combination with their driver’s license numbers and other non-driver ID card numbers. The breach impacted over 2.3 million people.
Exposing driver’s licenses and ID numbers poses serious security risks for victims, as threat actors can use the data for identity fraud.
“Upon discovery, we immediately activated our incident response protocols, notified law enforcement, and launched an investigation to confirm the nature of the activity and the scope of potentially impacted data,” the medical provider’s letter said.
The company said it would provide impacted customers with credit monitoring and identity theft protection services free of charge for 24 months.
Your email address will not be published. Required fields are markedmarked