Cyber attack on University Diagnostic Medical Imaging impacted over 135,000 patients

New York-based University Diagnostic Medical Imaging said that the data security incident it suffered last year compromised the sensitive personal information of more than 135,000 individuals.

 

Headquartered in Bronx, New York, University Diagnostic Medical Imaging is a radiology practice specialising in advanced diagnostic imaging services. It offers a comprehensive range of imaging modalities, including MRI, CT scans, ultrasound, and more.

 

In a data security incident notice published on its website, UDMI said that on November 26, it identified unusual activity in its internal network. The radiology practice immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“The investigation determined that certain UDMI information was accessed without authorisation for a limited amount of time on November 26, 2024. Therefore, UDMI initiated a comprehensive review to determine the information and individuals potentially impacted,” reads the notice.

 

The compromised data included names, addresses, dates of birth, referring physician, medical treatment and diagnosis information. In a filing with the U.S. Department of Health and Human Services Office for Civil Rights, UDMI said it has identified at least 138,080 individuals who were impacted by the cyber security incident.

 

“In response to this incident, we worked with third-party specialists to investigate and implement additional security precautions. We also notified law enforcement, and we are reviewing our policies and procedures related to data protection,” the radiology practice added.

 

While UDMI found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

At the time of publishing, no known hacker group has claimed responsibility for the cyber attack on UDMI. The practice also did not share details on who is behind the attack or whether it received a ransom demand.