Private radiology practice reports security breach impacting over 250,000 individuals

Radiology Associates of Richmond, a private radiology practice based in Virginia, said that a data security incident it suffered last year exposed sensitive personal information belonging to more than 250,000 people.

 

Headquartered in Richmond, Virginia, Radiology Associates of Richmond is one of the oldest private radiology practices in the United States. The organisation delivers diagnostic, vascular, and neurovascular interventional services to hospitals, standalone emergency centers, and outpatient imaging facilities throughout Virginia.

 

In a data security incident notice, RAR said it detected suspicious activity within its internal network. The radiology practice immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“After an extensive forensic investigation and complex manual document review, we discovered on or about April 6, 2026, that the impacted systems, which were accessed on or about July 25, 2025, contained some of your personal information and/or protected health information,” RAR said.

 

The compromised data included names, Social Security numbers, government-issued ID numbers, financial information including credit or debit card numbers, medical and health insurance details and more. The filing with the Maine state regulator also states that RAR has identified at least 266,183 individuals who were impacted by the incident.

 

While RAR found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered complimentary identity protection and credit monitoring services to   individuals whose Social Security Numbers were affected during the incident.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on RAR. The radiology practice also did not share details on who was behind the attack, how much data was compromised, or whether it had received a ransom demand.