Radiology Associates of Richmond (RAR), a medical imaging services provider based in Virginia, has confirmed a major data breach affecting the sensitive information of more than 1.4 million individuals.

According to a security notification posted on the organization’s website, unauthorized actors gained access to its systems during a multi-day intrusion in April 2024. Although the incident occurred over a year ago, RAR recently determined that the compromised systems contained files holding personally identifiable and protected health information (PHI).

At this time, there is no indication that the stolen data has been used for malicious purposes. However, the organization is offering free credit monitoring services — but only to individuals whose Social Security numbers were exposed during the breach.

Radiology Associates of Richmond operates in central Virginia, delivering medical imaging services across hospitals, emergency centers, and outpatient facilities.

The U.S. Department of Health and Human Services (HHS) updated its breach portal on Thursday, listing the RAR incident as affecting 1,419,091 individuals. So far, no ransomware group has claimed responsibility for the attack.

This breach adds to a growing list of cyber incidents impacting the healthcare sector. Also this week, Maryland-based Anne Arundel Dermatology reported a breach compromising the personal data of 1.9 million people, according to the HHS tracker.

Cybersecurity Implications
Incidents like these continue to underscore the critical need for healthcare providers to implement stronger cybersecurity controls, proactive threat detection, and comprehensive incident response strategies. Healthcare data remains a top target for cybercriminals, due to its high value and potential for long-term exploitation.

Source: https://www.securityweek.com/1-4-million-affected-by-data-breach-at-virginia-radiology-practice/