Radiology Associates of Richmond data breach affected over 1.4 million people

Virginia-based private radiology practice Radiology Associates of Richmond said a data security incident it suffered earlier this year compromised the sensitive personal data of more than 1.4 million individuals.

 

Headquartered in Richmond, Virginia, Radiology Associates of Richmond is one of the oldest, private radiology practices in the United States. It provides diagnostic, vascular and neuro-vascular interventional services to hospitals, freestanding emergency centres and outpatient imaging centres across the state of Virginia.

 

In a data security incident notice, RAR said that on May 2, it detected suspicious activity within its internal network. The radiology practice immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“After an extensive forensic investigation and complex manual document review, RAR discovered on May 2, 2025 that the impacted systems, which were accessed between April 2, 2024 through April 6, 2024, contained identifiable protected health and personal information,” RAR said.

 

The compromised data included names, contact information, Social Security numbers, and more. The incident was reported to the U.S. Department of Health and Human Services Office for Civil Rights, where RAR said it has identified at least 1,419,091 individuals impacted by the incident.

 

“RAR is committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it. We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information,” RAR said.

 

While RAR found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered complimentary identity protection and credit monitoring services to   individuals whose Social Security Numbers were affected during the incident.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on RAR. The radiology practice also did not share details on who was behind the attack, how much data was compromised, or whether it had received a ransom demand.