Consulting Radiologists says ransomware attack impacted over 500,000 patients

News20 Jun 2024

Minnesota-based healthcare services provider Consulting Radiologists experienced a data security incident that compromised the sensitive personal information of more than half a million individuals.

In a data breach notice filed with the Office of the Maine Attorney General, Consulting Radiologists said that on February 12, it identified suspicious activity in its internal network. Immediately, the healthcare services provider launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

It also took steps to contain the spread of the incident and notified law enforcement about the same.

The investigation revealed that the sensitive personal information of its patients was accessed and acquired by a threat actor. The compromised data included names, addresses, dates of birth, Social Security numbers, health insurance information, and medical information.

The company’s filing with the Maine state regulator also revealed that at least 511,947 individuals were impacted by the incident.

“We deployed additional monitoring tools and will continue to enhance the security of our systems. We take the protection and proper use of personal information very seriously,” it said.

While CRL found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. It has also offered one year of complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals.

On April 27, the LockBit ransomware group claimed responsibility for the cyber attack on CRL and listed it as a victim on its data leak site. Later, the Qilin ransomware group also claimed responsibility for the cyber attack on the company and said it was in possession of 94,667 files totalling to 70 GB of data stolen from CRL. It is not known whether any of the two groups managed to extract a ransom from Consulting Radiologists.