Cyber Incident Victim: Shields Health Care Group
Date:
Oct 2019
Location:
United States of America
Summary
Shields Health Solutions experienced unauthorized access to an employee email account, compromising patient information including names, dates of birth, medical record numbers, provider details, prescription and clinical data, insurer information, and limited claims records. The organization secured the account promptly, engaged a cybersecurity firm for investigation, and found no evidence of data misuse. Notifications were sent to affected individuals, alongside establishing a dedicated support line, while implementing enhanced security measures such as multi-factor authentication to mitigate future risks. Social Security numbers and financial account details were not involved in the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 24, 2019, Shields Health Solutions, a specialty pharmacy service provider for hospitals and healthcare entities, detected suspicious activity involving an employee’s email account. The organization immediately secured the compromised account and engaged a cybersecurity firm to investigate the incident. The forensic investigation determined that an unauthorized individual had accessed the single employee email account during a two-day period from October 22 to October 24, 2019. Analysis revealed the account contained protected health information belonging to patients, though there was no evidence suggesting any data had been accessed or misused by the intruder. The exposed information included patient names, dates of birth, medical record numbers, healthcare provider names, prescription details, clinical information, insurance carrier names, and limited claims-related data. Notably absent from the compromised records were Social Security numbers and financial account information, which were not stored in the affected email account.
Shields Health Solutions initiated patient notification procedures on December 16, 2019, mailing letters to all individuals potentially impacted by the breach. The organization established a dedicated call center operational Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time to address patient inquiries, advising those who hadn’t received notification by March 2, 2020, to contact 844-967-1230. Affected patients were instructed to review their healthcare provider statements for discrepancies and report any unrecognized services immediately. While reiterating no evidence of information misuse, Shields acknowledged the incident’s potential to cause concern and inconvenience. In response to the breach, the organization implemented enhanced security measures including the adoption of multi-factor authentication for employee email accounts to strengthen defenses against similar future incidents. The investigation and response activities concluded without public disclosure of the total number of affected patients or specific technical details regarding the unauthorized access methodology.