Radiology Associates of Richmond reports data breach affecting 266,000 individuals

Radiology Associates of Richmond, a Virginia-based medical imaging services provider, disclosed a data breach affecting the protected health information of 266,183 individuals after hackers gained unauthorized access to its internal systems in July 2025.

The organization said the intrusion occurred on or about July 25, 2025, when threat actors accessed internal files containing sensitive patient information. An extensive forensic investigation and manual document review concluded on April 6, 2026, that files containing protected health information had been acquired without authorization.

Radiology Associates of Richmond, which operates a radiology practice in Virginia and partners with multiple hospitals and imaging centers in the Richmond area, said it engaged external cybersecurity experts to contain the incident and determine its scope following the discovery of the breach.

Notification letters began going out to affected individuals on May 21, 2026. Regulatory filings submitted to state authorities show that 266,183 people are receiving notifications related to the incident.

The compromised information may include names, Social Security numbers, government-issued identification numbers, financial account details, medical records, and health insurance information. Redacted notification letter samples filed with state authorities indicate that credit and debit card information may also have been exposed during the attack.

The healthcare provider said affected individuals whose Social Security numbers were included in the impacted files are being offered complimentary credit monitoring services. The company also advised recipients to follow recommended security practices to help protect their personal information.

The newly disclosed incident follows another major cybersecurity event involving Radiology Associates of Richmond. In July 2025, the organization notified the U.S. Department of Health and Human Services that personal information belonging to approximately 1.4 million individuals had been compromised in a separate April 2024 data breach.

Attorneys investigating the latest breach are evaluating potential legal claims related to the exposure of personal and protected health information tied to the incident.