Assured Imaging

Assured Imaging operates as a healthcare provider specializing in diagnostic imaging services, with a focus on mobile mammography solutions. The organization delivers critical screening and diagnostic procedures directly to patients, emphasizing accessibility through its mobile service model. Its core offerings include mammography pre-screening assessments and associated diagnostic imaging, supporting early detection initiatives for breast health conditions. While headquartered in the United States, the mobile nature of its services suggests a broader operational reach across multiple regions. The company handles sensitive protected health information (PHI) as part of its standard operations, including patient medical histories, insurance details, and diagnostic records.

A defining incident occurred on May 19, 2020, when Assured Imaging suffered a ransomware attack by the Pysa threat group. Attackers compromised systems containing extensive patient data, subsequently exfiltrating and publicly leaking records encompassing medical record numbers, full names, addresses, dates of birth, referring physician information, health insurance details, and comprehensive mammography screening histories. The leaked data included personal and family medical context used in pre-screening evaluations but notably excluded Social Security numbers according to initial forensic analysis. This breach exposed vulnerabilities in the organization's data security infrastructure while demonstrating its role as a custodian of highly sensitive clinical and demographic information for nearly a quarter-million individuals.

The company responded to the incident through public disclosures on its official website and formal notifications to federal regulators, confirming unauthorized system access affecting 244,813 patients. This breach underscores Assured Imaging's regulatory obligations under health data protection frameworks and its operational scale in managing large volumes of PHI. The incident remains a significant case study in healthcare cybersecurity risks associated with specialized diagnostic service providers handling longitudinal patient data across distributed service delivery models. Federal reporting compliance and public breach disclosures reflect the organization's engagement with standard regulatory protocols following security events involving protected health information.