Consulting Radiologists says February data breach compromised close to 600,000 patients

Minnesota-based healthcare services provider Consulting Radiologists experienced a data security incident that compromised the sensitive personal information of almost 600,000 individuals.

 

In a data breach notice filed with the Office of the Maine Attorney General, Consulting Radiologists said that on February 12, it identified suspicious activity in its internal network. 

 

The healthcare services provider said it immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident, took steps to contain the impact of the attack and notified law enforcement about the incident.

 

The investigation revealed that the sensitive personal information of Consulting Radiologists’ patients was accessed and acquired by a threat actor. The compromised data included names, addresses, dates of birth, Social Security numbers, health insurance information, and medical information.

 

Initially, CRL said that its investigation identified 511,947 individuals who were impacted by the incident. However, in a recent filing with the Maine state regulator, CRL stated that at least 580,703 individuals were impacted by the data security incident.

 

“We deployed additional monitoring tools and will continue to enhance the security of our systems. We take the protection and proper use of personal information very seriously,” it said.

 

While CRL found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. It has also offered one year of complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.

 

On April 27, the LockBit ransomware group claimed responsibility for the cyber attack on CRL and listed it as a victim on its data leak site. Later, the Qilin ransomware group also claimed responsibility for the cyber attack on the company and said it was in possession of 94,667 files totalling to 70 GB of data stolen from CRL. It is not known whether any of the two groups managed to extract a ransom from Consulting Radiologists.