Northwest Radiologists, a medical imaging provider based in Bellingham, Washington, has confirmed a major data breach that exposed the personal information of approximately 350,000 individuals in the state.

The breach stemmed from a network disruption that occurred on January 25, 2025, though new findings reveal that attackers had already infiltrated the systems as early as January 20. Initially disclosed in March, the incident is now confirmed to have involved unauthorized access to sensitive data housed on the affected network.

What Information Was Compromised?

The exposed data includes a wide range of personally identifiable information (PII) and protected health information (PHI):

• Full names, addresses, phone numbers, and email addresses
• Dates of birth and Social Security numbers
• Driver’s license and other government-issued ID numbers
• Diagnosis and treatment details
• Health insurance information
• Financial and banking data

The radiology group operates primarily in Washington, but also offers services in Alaska. As of now, there’s no confirmation on whether individuals in other states were affected. The breach has not yet appeared in the U.S. Department of Health and Human Services’ breach portal.

Response and Mitigation

Northwest Radiologists has reported the incident to the Washington State Attorney General’s Office, confirming that 348,118 Washington residents were directly impacted. The company has taken steps to enhance its system security and is offering affected individuals free credit monitoring and identity theft protection services.

While the organization has not publicly identified the nature of the cyberattack, the symptoms of the breach suggest it could be linked to a ransomware event, though no known threat actor has claimed responsibility at this time.

Industry Takeaway

This breach highlights ongoing vulnerabilities within the healthcare sector, a frequent target for cybercriminals due to the high value of medical and identity data. It underscores the need for proactive cybersecurity measures, continuous network monitoring, and robust incident response protocols—particularly for organizations that handle sensitive patient information.

Healthcare providers and vendors should remain vigilant, regularly assess their risk posture, and prioritize compliance with HIPAA and other data protection regulations to minimize exposure and build trust with their patients.

Fuente: https://www.securityweek.com/northwest-radiologists-data-breach-impacts-350000-washingtonians