Micale said she quickly called up her bank and put a freeze on her account. But that put her trip to Boston with her husband, the first after over a year of long COVID, on hold.
“It was really stressful,” she said. “I had to cancel all my reservations and start over from scratch.”
Micale is far from the only Massachusetts resident to be impacted by a data breach in recent years.
A new Globe analysis of state data shows just how off-the-charts the problem has become. In 2022, 1.9 million Massachusetts resident accounts were impacted by data breaches. The following year, that number spiked to more than6.9 million accounts, fueled in part by large-scale breaches, including one that affected more than 2 million Harvard Pilgrim Health Care accounts.
Advertisement
So far this year, the numbers are already above the historical average, though not quite as striking as 2023, with 1.8 million accounts breached through September.
The overall uptick is “a trend around the world,” said Stuart Madnick codirector of MIT’s flagship cybersecurity consortium. “It’s no surprise that Massachusetts is part of the uptick.”
As more data than ever, including sensitive personal banking and health care information, is stored on the internet, breaches are becoming increasingly common, he and others said. Meanwhile, hacker groups are also becoming more sophisticated, putting more people at risk of fraud and identity theft.
Advertisement
Stuart Madnick, professor at MIT, held one of the letters he received regarding data breaches. Suzanne Kreiter/Globe Staff
Across the United States, an estimated 353 million accounts fell victim to data breaches last year, according to the Identity Theft Resource Center, a national nonprofit that provides cost-free assistance to identity theft victims. The total number of breaches was 72 percent higher than the previous record year of 2021.
Data breach victims can suffer serious financial and personal repercussions after their information is compromised. For consumers, their financial information could be sold on the dark web, where scammers can purchase it and rack up debt in their name.
The burden of dealing with the consequences, such as contesting fraudulent charges, often falls on consumers.
Doing so can prove challenging even for tech-savvy people like Leigh Graham, a Johns Hopkins researcher, whose personal data has been breached at least twice in the past year, including when her employer was breached.
Graham, who lives in Northampton, said she struggled to navigate credit bureau websites to freeze her credit report after she noticed that someone spent $550 on Ticketmaster in her name.
“I’m 49, but I feel like I don’t understand what I’m looking at,” she said. “The onus is so on the individual consumer to fix everything.”
Advertisement
Companies impacted by data breaches may find themselves paying hefty ransom to keep their clients’ data from being published online.
That’s what happened to Change Healthcare, a subsidiary of United Health, a national conglomerate. It paid a $22 million ransom earlier this year to a hacking group that stole protected health information from their systems. The health care group acknowledged that the stolen data could include information on a “substantial proportion of people in America.” Massachusetts data indicates that tens of thousands of residents were caught up in the breach.
Screenshots of some of the hacked data ended up online, despite the ransom payment. The hack also reportedly led to problems for patients in getting prescriptions approved at hundreds of medical facilities across the country.
In Massachusetts, both national behemoths, like T-Mobile, and smaller organizations, like the Roman Catholic Diocese of Fall River, have been hit by data breaches in recent years, data shows. Even state government employees have been targeted.
At smaller organizations, experts say it’s a daunting task for IT teams with limited resources to compete with large international hacking organizations.
Advertisement
“A lot of [small] organizations have to face a cost-benefit tradeoff, and sometimes just have to accept a certain level of risk,” said Saroja Hanasoge, director of advisory services at CyberTrust Massachusetts, which partners with cities and organizations across the state to beef up their cybersecurity.
The largest reported hack affecting Massachusetts residents since 2017 happened last year, when Harvard Pilgrim Health Care revealed a breach that affected over 2.1 million state client accounts. Harvard Pilgrim is a subsidiary of Point32Health, the second biggest health insurance company in the state, and provides coverage at dozens of hospitals in Massachusetts alone.
In an open letter written to clients after the hack, the nonprofit said hackers may have gotten access to files containing client names, Social Security numbers, dates of birth, tax identification numbers, and patient clinical information, such asmedical diagnoses and treatments.
“We want to assure you that we are taking this incident extremely seriously, and we deeply regret any inconvenience this incident may cause,” the group’s letter said.
A spokesperson for Harvard Pilgrim declined to speak about the breach.
Advertisement
Bad actors are becoming more sophisticated
Experts say it’s now far easier for bad actors to go online and buy hacking services at low cost, often using cryptocurrencies like Bitcoin.
For-hire hacking groups do a lot of the technical work that everyday thieves would ordinarily not have the know-how to pull off, said Kevin Powers, director of the cybersecurity program at Boston College. Some of the hacking groups even offer affordable subscriptions.
For as little as $40 a month “you can get yourself a monthly subscription for a criminal enterprise,” Powers said.
He added that schemers also now use artificial intelligence services available on the dark web that are built to make hacking easy. Many hacking groups have begun using the AI services to make highly personalized phishing emails that are much harder to spot as fraudulent.
Advertisement
Even in cases where federal investigators manage to shut down a big hacking network, they will often reappear online, sometimes from a different country.
Hackers also have the benefit of bigger and easier targets to crack in recent years, as a growing number of companies are putting troves of data on poorly set up cloud servers with minimal protections.
“The bad guys are getting badder faster than the good guys are getting better,” Madnick of MIT said.
Some of those bad guys have even managed to break into Madnick’s accounts multiple times.
“You can be the most careful person in the world and there is no way to guarantee they won’t break in,” he said. “Don’t assume you are safe.”
Advertisement
Scooty Nickerson can be reached at scooty.nickerson@globe.com.
Max McColgan of Nashawtuc CC and Joseph Lenane of George Wright GC shared the Harry B. McCracken Jr. medal after finishing a rain-suspended second round of stroke play at 3-under-par in the 118th Massachusetts Amateur at Winchester Country Club on Wednesday.
McColgan and Lenane advanced into match play as the top two seeds, but only one of them advanced past the Round of 32. McColgan beat Dylan Greenwald of The Haven CC, 2-and-1, but Lenane fell to No. 31 seed Ricky Stimets of Barnstable Golf on the 19th hole of their match. Stimets will face Zachary Georgantas of Foxborough CC in the Round of 16 after Georgantas needed 21 holes to beat Joey Monahan at his home course.
Patrick Kilcoyne, who was the runner-up last year at GreatHorse, finished stroke play tied for third with 2024 champion Matthew Naumec at 2-under. Kilcoyne scored a 1-up victory over Winchester CC’s Jake Peer in match play, while Naumec won a thriller over Kyle Tibbetts in 22 holes in the final match of the day.
Elsewhere in the round of 32, No. 27 seed Maxx Zides finished 1 up over No. 6 seed Sam Grindle, while No. 24 seed Ben Spitz held on to finish 1 up on No. 9 seed Conner Willett as well.
Advertisement
Match play will continue on Thursday, with McColgan teeing off against C.J. Winchenbaugh at 7:30 a.m. in the round of 16 to start a busy day of action on the course. A 36-hole final is scheduled for Friday.
Amid fanfare, reflecting pool was added to Worcester Common in 1971, a tribute to WWII veterans.
Looking for a way the kids can cool off after the Fourth of July heat wave?
In addition to numerous public beaches and pools, central Massachusetts has multiple splash pads open this time of year, offering the perfect way for children to enjoy being in the water without the hassle of a beach day. While some are ticketed, many of the region’s splash pads are free, with parks, playgrounds and other recreational areas attached.
Advertisement
Here are 10 splash pads where you can beat the heat in central Massachusetts this summer.
Tacoma Street Spray Park
Decked out with umbrellas and chairs, green water buckets and a frog to run under, Tacoma Street Spray Park is one of Worcester’s newer spray parks, located on the 18.9-acre Tacoma Street Playground. The park also has a basketball court and picnic area.
Like all of Worcester’s splash pads, Tacoma Street Spray Park is open from noon to 7 p.m. daily through Sept. 7. Located at 345 Tacoma St. in Worcester.
Park Hill Splash Park
This small splash pad in Fitchburg features rainbow rings to run through and a large sun design painted on the ground. The splash pad is part of Park Hill Park, which also has a skateboard park, two playgrounds, a basketball court, several baseball fields and restrooms.
Advertisement
Park Hill Splash Park is open from 11 a.m. to 6 p.m. daily from June through August. Lifeguards are always onsite, and parking is available off Pratt Road in Fitchburg.
Cowabunga Splash Park
Davis Farmland in Sterling is back for a second year with Cowabunga Splash Park, the largest zero-depth water spray park in New England. Built with a state-of-the-art, computer-controlled water filtration system, the park features every kind of mister and sprinkler imaginable, including horse cannons, a water tunnel, a water table, a toddler spray pad and more. The park also has a giant slip-and-slide, an inflatable water slide and a huge water tower.
Admission to Davis Farmland, which includes access to over 50 activities, costs $35.95 for adults or $32.95 for seniors over 60, though tickets cost more at the gate.
COWabunga Splash Park is open from 9:30 a.m. to 4:30 p.m. every day from now through Labor Day, with the water slide and slip-and-slide opening at 10:30 a.m. Davis Farmland is located at 145 Redstone Hill Road in Sterling.
Advertisement
More: Looking for the best summer activity in Worcester County? Readers voted for this spot
Cristoforo Colombo Spray Park
Cristoforo Colombo Spray Park is a larger spray pad full of bright colors, water spouts and buckets dropping water from above. It is attached to Cristoforo Colombo Park, which also has a playground, fields, basketball courts and a baseball diamond.
The spray park is open from noon to 7 p.m. daily at 180 Shrewsbury St. in Worcester.
Fournier Park Splash Pad
Located inside the Arthur A. Fournier Sr. Memorial Park, this splash pad spouts water from various flowers, a frog and even a dragon. The water must be turned on by pressing an orange button on the pavilion side of the splash pad, and it runs for 12 to 14 minutes at a time.
Advertisement
This splash pad is open daily from 10 a.m. to 8 p.m., starting Memorial Day weekend and lasting through Labor Day. Located at 525 Litchfield St. in Leominster.
Ghiloni Park Splash Pad
Ghiloni Park in Marlborough also has a splash pad with flowers and frogs, located right next to the park’s playground. Water is activated by placing a hand on the sensor of the green activator pole.
The Ghiloni Park Splash Pad is open from June 2 through Sept. 7, with daily hours from 10 a.m. to 5 p.m. Located at 239 Concord Road in Marlborough.
University (Crystal) Spray Park
Just opened last year, the splash pad at Worcester’s University Park features various tall water spouts for the kids to run through, surrounded by a playground, walking trails, pond views and plenty of umbrellas.
Advertisement
From now through Sept. 7, the spray park is open daily from noon to 7 p.m. Located at 965 Main St. in Worcester.
Philbin Memorial Park and Splash Pad
Clinton’s Philbin Memorial Park has a newly renovated splash pad that turns on by touching the top of the red fire hydrant. The water runs for four to five cycles and then rests for 10 to 15 minutes.
Philbin’s splash pad is open daily from Memorial Day to Labor Day, with hours from 9 a.m. to 7:30 p.m. Located at Berlin and Wilson streets in Clinton.
Carbuncle Pond Splash Pad
Advertisement
Located right next to the beach at Carbuncle Pond, this colorful splash pad is conveniently equipped with lifeguard staffing, concessions and indoor public restrooms. Resident and nonresident passes are sold online or at the gate.
The splash pad and the beach are open daily from 11 a.m. to 5 p.m. at 495 Main St. in Oxford.
Beat the heat: Get into the swim with free lessons at these Worcester beaches, pool
Greenwood Spray Park
Attached to a new playground, Greenwood Park’s splash pad has various sprinklers and buckets of water. The spray park usually has an attendant, and bathrooms are attached.
Advertisement
Worcester’s Greenwood Spray Park is open from noon to 7 p.m. daily through Sept. 7. Located at 14 Forsberg St. in Worcester.
A Holbrook, Massachusetts man who fell critically ill while sailing through the South Pacific has died, his family told WBZ-TV Tuesday evening.
Scott Winslow was in intensive care at a hospital in Fiji for weeks, as his family fought to get him back home so he could be treated for septic shock and a serious infection.
Winslow’s wife and two daughters had made the 8,000-mile trip to be with him and fight for his care when he died.
“We are at the hospital and just said goodbye to our father,” his daughters told WBZ-TV. “We are heartbroken.”
Advertisement
Winslow was traveling on his nephew’s sailboat in the South Pacific on what was supposed to be a three-month voyage when he noticed what appeared to be a bug bite.
His family isn’t sure exactly what the cause of the illness was, but his condition quickly deteriorated, and he could no longer walk once they diverted the boat to Fiji.
The family provided WBZ medical documents from doctors in Fiji, who said he needed to be evacuated to another hospital.
The family said his insurance company, Aetna, denied the transport and the medical flight to get Winslow home would have cost hundreds of thousands of dollars.
Winslow’s family said they had secured medical services with the Mass General Brigham group if he got back to Massachusetts.
Advertisement
“I don’t understand. My problem is, my parents pay for insurance, this is what insurance is for,” Lisa Babbin, Scott’s daughter told WBZ-TV earlier on Tuesday.
Before Winslow died, WBZ-TV reached out to Aetna. In a statement, a spokesperson said they were continuing to work with Winslow’s family “and his providers in Fiji to identify the best way to get him back safely to the United States for continued treatment.”
The Winslow family had also reached out the U.S. Embassy in Fiji for help securing an emergency loan.