In late 2023, Eastern Radiologists Inc. suffered a data breach where unauthorized parties accessed its computer network, compromising sensitive personal and health information of patients. The exposed data included names, Social Security numbers, home addresses, phone numbers, dates of birth, financial account numbers, driver’s license numbers, patient account numbers, billing details, health insurance IDs, medical records, dates of service, provider names, and treatment information.The breach led to a $3.25 million class-action settlement, offering affected individuals up to $5,000 in reimbursement for out-of-pocket losses (e.g., identity theft costs, credit monitoring) or a pro rata cash payment (~$50). Additionally, victims received one year of free medical account monitoring, including dark web surveillance and $1 million in identity theft insurance. The lawsuit alleged negligence, breach of contract, and violations of North Carolina privacy laws, though the company denied wrongdoing. The incident highlights severe risks to patient privacy, financial security, and medical identity integrity, with potential long-term consequences like fraud and unauthorized access to highly sensitive health data.
Source: https://www.claimdepot.com/settlements/eastern-radiologists-settlement
TPRM report: https://www.rankiteo.com/company/eastern-radiologists-inc-
"id": "eas5802858100825",
"linkid": "eastern-radiologists-inc-",
"type": "Breach",
"date": "6/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare / Radiology',
'name': 'Eastern Radiologists Inc.',
'type': 'Healthcare Provider'}],
'customer_advisories': {'claim_options': [{'amount': 'Up to $5,000 '
'(documented, '
'unreimbursed losses '
'post-Nov. 20, 2023)',
'pro_rata_reduction': 'Applies if '
'total '
'claims '
'exceed '
'$200,000',
'type': 'Out-of-pocket loss '
'reimbursement'},
{'amount': 'Estimated $50 '
'(dependent on valid '
'claims and net '
'settlement fund)',
'type': 'Alternative pro rata '
'payment'},
{'duration': '1 year (free)',
'eligibility': 'Available in '
'addition to cash '
'options',
'type': 'Medical account '
'monitoring'}],
'eligible_claimants': 'Individuals who received '
'notification of the data '
'incident and had private '
'information impacted',
'required_actions': ['Submit claim by Dec. 1, 2025 '
'(online or mail)',
'Provide unique ID and PIN from '
'notice',
'For out-of-pocket losses: '
'submit third-party '
'documentation (e.g., receipts, '
'bank statements)']},
'data_breach': {'data_exfiltration': 'Likely (data accessed by unauthorized '
'parties)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes SSNs, medical records, '
'financial data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)',
'Financial Information']},
'date_detected': '2023-11-24',
'description': 'Eastern Radiologists Inc. experienced a data breach in late '
'2023, compromising sensitive personal and health information '
'of patients. The breach led to a $3.25 million class action '
'settlement, offering affected individuals up to $5,000 in '
'reimbursement for out-of-pocket losses or a pro rata cash '
'payment, along with one year of free medical account '
'monitoring. The incident involved unauthorized access to the '
"company's computer network, exposing data such as names, "
'Social Security numbers, medical records, and financial '
'account details.',
'impact': {'brand_reputation_impact': 'Class action lawsuit and settlement '
'indicate significant reputational '
'damage',
'data_compromised': ['Names',
'Social Security numbers',
'Home addresses',
'Phone numbers',
'Dates of birth',
'Financial account numbers',
'Driver’s license numbers',
'Patient account numbers',
'Billing account numbers',
'Health insurance plan member IDs',
'Medical record numbers',
'Dates of service',
'Provider names',
'Medical treatment information',
'Other sensitive personal information'],
'financial_loss': {'attorneys_expenses': 'Up to $50,000',
'attorneys_fees': 'Up to $1,500,000',
'out_of_pocket_loss_reimbursement': 'Up to '
'$200,000 '
'(separate '
'from '
'settlement '
'fund)',
'pro_rata_payments': 'Remainder of fund after '
'deductions (estimated $50 '
'per claimant, dependent '
'on valid claims)',
'service_awards': 'Up to $2,500 each for class '
'representatives',
'settlement_fund': '$3,250,000'},
'identity_theft_risk': 'High (exposed PII and financial data)',
'legal_liabilities': {'allegations': ['Negligence',
'Breach of contract',
'Breach of fiduciary duty',
'Unjust enrichment',
'Invasion of privacy',
'Violations of North '
'Carolina laws'],
'settlement_amount': '$3.25 million'},
'payment_information_risk': 'High (financial account numbers '
'exposed)',
'systems_affected': ['Computer network']},
'initial_access_broker': {'high_value_targets': ['Patient PII/PHI and '
'financial data']},
'investigation_status': 'Settled (class action lawsuit)',
'references': [{'source': 'Class Action Settlement Notice (Eastern '
'Radiologists Data Breach)'}],
'regulatory_compliance': {'legal_actions': {'class_action_lawsuit': {'allegations': ['Negligence',
'Breach '
'of '
'contract',
'Breach '
'of '
'fiduciary '
'duty',
'Unjust '
'enrichment',
'Invasion '
'of '
'privacy',
'Violations '
'of '
'North '
'Carolina '
'laws'],
'settlement_amount': '$3.25 '
'million',
'status': 'Settled'}},
'regulations_violated': ['North Carolina laws '
'(alleged)']},
'response': {'communication_strategy': {'claim_process': {'deadline': '2025-12-01',
'mail_in_pdf_form': True,
'online_claim_form': True,
'required_documentation': ['Unique '
'ID '
'and '
'PIN '
'from '
'postcard '
'notice',
'Third-party '
'documentation '
'for '
'out-of-pocket '
'losses '
'(e.g., '
'receipts, '
'bank '
'statements, '
'emails)'],
'settlement_administrator_contact': {'mailing_address': 'Eastern '
'Radiologists '
'Data '
'Incident '
'Claims '
'Administrator, '
'P.O. '
'Box '
'3076, '
'Portland, '
'OR '
'97208-3076'}},
'medical_account_monitoring': {'duration': '1 '
'year',
'features': ['Dark '
'web '
'monitoring',
'$1 '
'million '
'medical '
'identity '
'theft '
'insurance',
'Real-time '
'authentication '
'alerts',
'High-risk '
'transaction '
'monitoring',
'Security '
'freeze '
'assistance',
'Victim '
'assistance']},
'notifications_sent': True,
'payment_options': ['Paper check',
'Digital '
'payment']}},
'stakeholder_advisories': {'claim_deadline': '2025-12-01',
'exclusion_deadline': '2025-10-28',
'final_approval_hearing': '2025-12-15',
'payout_timeline': '30 to 60 days after final '
'approval and resolution of '
'appeals'},
'threat_actor': 'Unauthorized parties',
'title': 'Eastern Radiologists Data Breach (2023)',
'type': 'Data Breach'}