Virginia-based Radiology Associates of Richmond Practice reports data breach

Radiology Associates of Richmond, a Virginia-based medical imaging provider is reporting a cybersecurity incident that compromised sensitive information belonging to more than 1.4 million individuals. 

RAR offers diagnostic imaging and interventional procedures across hospitals and outpatient clinics in the Richmond region including X-rays, CT scans, MRI, ultrasound, mammography, nuclear medicine, and advanced vascular and neuro-interventional procedures. 

The organization discovered that threat actors gained access to its systems between April 2 and 6, 2024. The investigation confirmed the security breach exposed protected health and personal information. The compromised data includes:

• Names and contact information
• Email addresses
• Social Security numbers
• Dates of birth
• Home addresses
• Financial account or payment card numbers
• Bank account and routing numbers
• Medical records and treatment information
• Health insurance information and policy details
• Protected health information (PHI) as defined under HIPAA

The security breach impacted 1,419,091 people, one of the most significant healthcare data breaches of 2025. The nature of the attack has not been disclosed. 

The organization began mailing notification letters to patients through their security partner Cyberscout. The imaging provider will only offer free credit monitoring to those whose Social Security numbers had been exposed. The organization has advised all impacted patients to be careful and monitor their financial accounts, explanation of benefits statements, and credit reports for any fraudulent or irregular activity.