Radiology Associates of Richmond data breach impacts 1.4M people
Radiology Associates of Richmond data breach impacts 1.4 million people
July 20, 2025
A data breach at Radiology Associates of Richmond has exposed the personal and health information of over 1.4 million individuals.
Radiology Associates of Richmond has disclosed a data breach that impacted personal and health information of over 1.4 million individuals.
Radiology Associates of Richmond (RAR) is a private radiology practice founded in 1905 and based in central Virginia. With over 100 years of continuous operation, RAR provides comprehensive diagnostic and interventional imaging services, including X‑rays, CT scans, MRI, ultrasound, mammography, nuclear medicine, and advanced vascular and neuro‑interventional procedures, across several hospital and outpatient facilities in the Richmond area.
The organization discovered that threat actors gained access to its systems between April 2 and 6, 2024. The investigation confirmed on May 2, 2025, that the security breach exposed protected health and personal information. The practice quickly secured its network with the help of external cybersecurity experts and is assessing the impact.
“As a result of a cybersecurity incident, RAR has learned that an unauthorized actor gained access to its network environment. Upon learning of this issue, we immediately worked to contain the threat and secure our internal environment. We commenced a prompt and thorough investigation into the incident and worked very closely with external cybersecurity professionals experienced in handling these types of situations to help determine whether any personal or sensitive data had been compromised as a result of this incident.” reads the Notice of Data Security Incident published by the company. “After an extensive forensic investigation and complex manual document review, RAR discovered on May 2, 2025 that the impacted systems, which were accessed between April 2, 2024 through April 6, 2024, contained identifiable protected health and personal information.”
Radiology Associates of Richmond has no evidence of misuse of the compromised data. However, starting July 1, 2025, they notified affected individuals and offered credit monitoring to those whose Social Security numbers were compromised. The organization recommends that impacted individuals stay vigilant by monitoring their financial and medical statements for any suspicious activity.
RAR is offering complementary credit monitoring services to the impacted patients.
According to the Department of Health and Human Services (HHS), the security breach impacted 1,419,091 people.
At this time, no known ransomware group has claimed responsibility for the attack.
This week, Anne Arundel Dermatology (AAD) reported a data breach involving unauthorized access to its systems between February 14 and May 13, 2025. The incident impacted more than 1.9 million individuals.
This week, Stormous ransomware group claimed the theft of personal and health data belonging to 600,000 patients from health provider North Country HealthCare.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, RAR)
