Nearly 210,000 patients impacted in Expert MRI security breach

Expert MRI, a California-based radiology services provider, reported that a data security breach it experienced last year exposed the sensitive personal information of nearly 210,000 people.

 

Headquartered in Bellflower, California, Expert MRI is a leading diagnostic imaging provider known for its high-field strength and multi-positional (stand-up/upright) MRI scans. Its services are widely used by medical and legal professionals, especially for patients suffering from severe orthopedic injuries, whiplash, and traumatic brain injuries.

 

In a data security incident notice filed with the Office of California Attorney General, Expert MRI said that on September 2, it identified unusual activity in its internal network. The radiology practice immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“Through our investigation, we determined that the unknown actor gained access to and copied certain files between August 14, 2025 and August 24, 2025,” Expert MRI said.

 

The compromised data included names, addresses, dates of birth, admission dates, diagnosis information, treatment information and Social Security numbers. In a filing with the U.S. Department of Health and Human Services Office for Civil Rights, Expert MRI said it has identified at least 209,560 individuals impacted by the data breach.

 

“Upon becoming aware of the event, we took steps to secure the network, investigate the activity, and determine the scope of impacted information. We are notifying applicable authorities, as required by law. Additionally, as part of our ongoing commitment to the privacy of personal information in our care, we reviewed our existing policies and procedures and added additional safeguards,” the radiology practice added.

 

Expert MRI has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. It has also offered complimentary identity protection and credit monitoring services to all affected individuals.

 

The Pear ransomware group

it had infiltrated the internal network of Expert MRI, listing it as a victim on its data leak site. The group said it had obtained 617 GB of confidential data from the radiology practice and threatened to release the entire database unless its ransom demands are met.