Cyber Incident Victim: Northeast Radiology

On or around January 10, 2020, unauthorized individuals gained access to Northeast Radiology's picture archiving and communication system (PACS), a platform used to store radiology images and associated patient information. Alliance HealthCare Services, Northeast Radiology's healthcare management services provider, detected and notified Northeast Radiology of the breach on January 11, 2020. The forensic investigation conducted by Alliance HealthCare Services and Northeast Radiology with assistance from a leading security firm confirmed unauthorized access to the PACS but found no evidence of data misuse, fraud, or identity theft stemming from the incident. The investigation determined that 29 patients' records were definitively accessed by the intruders. While other patient records were present in the system, investigators could not confirm whether additional individuals' data had been accessed.

Northeast Radiology initiated written notifications on March 11, 2020, to all potentially affected patients for whom contact information was available, including both the confirmed 29 cases and others whose data resided on the compromised system. The potentially exposed information included names, genders, ages, dates of birth, exam descriptions, dates of service, medical images, image descriptions, and medical record numbers. In some instances, medical record numbers corresponded to Social Security Numbers. For patients whose Social Security Numbers were potentially compromised, Northeast Radiology arranged complimentary identity protection and credit monitoring services. The organization established a dedicated inquiry line (1-800-491-8837) for individuals who believed they might be affected but did not receive mailed notifications. Patients were advised to review account statements, credit reports, and contact financial institutions or law enforcement if suspicious activity occurred.