Breach cyber

Radiologic Medical Services

Feb 22, 2024 3 min read
Radiologic Medical Services

Radiologic Medical Services, operating Muscatine Radiology and Corridor Radiology in Iowa, suffered a data breach after unauthorized actors accessed two employee email accounts between February 22, 2024, and March 19, 2024. The breach exposed sensitive personally identifiable information (PII) and protected health information (PHI) of 56,902 patients, including names, addresses, dates of birth, Social Security numbers, driver’s license/state ID numbers, health insurance details, medical records, and payment information. The compromised data heightens risks of identity theft and medical fraud.The company detected suspicious activity on February 26, 2024, but disclosed the breach to the U.S. Department of Health and Human Services (HHS) on November 12, 2024, and notified affected individuals by mail in October 2025. In response, Radiologic Medical Services secured the accounts, engaged cybersecurity experts, and offered free credit monitoring and identity protection services to victims. The delay in disclosure and the scale of exposed PHI/PII underscore significant operational and reputational damage, particularly in the healthcare sector where trust and data security are critical.

Source: https://www.claimdepot.com/data-breach/radiologic-medical-services-pc-2025

TPRM report: https://www.rankiteo.com/company/radiologic-medical-services

"id": "rad2303123100825",
"linkid": "radiologic-medical-services",
"type": "Breach",
"date": "2/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '56,902 patients',
                        'industry': 'Healthcare (Diagnostic Imaging)',
                        'location': 'Eastern Iowa, USA',
                        'name': 'Radiologic Medical Services',
                        'size': '7 board-certified radiologists; operates two '
                                'imaging centers (Muscatine Radiology and '
                                'Corridor Radiology)',
                        'type': 'Private Corporation'},
                       {'customers_affected': 'Included in the 56,902 total',
                        'industry': 'Healthcare',
                        'location': 'Muscatine, Iowa, USA',
                        'name': 'Muscatine Radiology',
                        'type': 'Imaging Center'},
                       {'customers_affected': 'Included in the 56,902 total',
                        'industry': 'Healthcare',
                        'location': 'Eastern Iowa, USA',
                        'name': 'Corridor Radiology',
                        'type': 'Imaging Center'}],
 'attack_vector': 'Compromised Employee Email Accounts',
 'customer_advisories': ['Mail notifications sent to affected individuals '
                         '(beginning 2025-10-06)',
                         'Offer of free credit monitoring and identity '
                         'protection services'],
 'data_breach': {'data_exfiltration': 'Potential (data may have been accessed '
                                      'or acquired)',
                 'file_types_exposed': ['Emails',
                                        'Attachments (likely containing '
                                        'patient records)'],
                 'number_of_records_exposed': '56,902',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Dates of Birth',
                                                         'Social Security '
                                                         'Numbers',
                                                         "Driver's License or "
                                                         'State ID Numbers',
                                                         'Health Insurance '
                                                         'Information',
                                                         'Medical Records'],
                 'sensitivity_of_data': 'High (includes SSNs, medical records, '
                                        'payment info)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)']},
 'date_detected': '2024-02-26',
 'date_publicly_disclosed': '2024-11-12',
 'description': 'Radiologic Medical Services, owner of Muscatine Radiology and '
                'Corridor Radiology in Iowa, experienced a data breach '
                'affecting at least 56,902 patients. Unauthorized access to '
                'two employee email accounts was detected, compromising '
                'sensitive personally identifiable information (PII) and '
                'protected health information (PHI), including names, '
                "addresses, dates of birth, Social Security numbers, driver's "
                'license or state ID numbers, health insurance information, '
                'medical records, and payment information. The breach poses '
                'risks of identity theft and medical fraud for impacted '
                'patients.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'exposure of sensitive patient data',
            'data_compromised': ['Names',
                                 'Addresses',
                                 'Dates of Birth',
                                 'Social Security Numbers',
                                 "Driver's License or State ID Numbers",
                                 'Health Insurance Information',
                                 'Medical Records',
                                 'Payment Information'],
            'identity_theft_risk': 'High (due to exposure of PII and PHI)',
            'legal_liabilities': 'Potential legal liabilities under HIPAA and '
                                 'state regulations',
            'payment_information_risk': 'High (payment information exposed)',
            'systems_affected': ['Employee Email Accounts']},
 'initial_access_broker': {'entry_point': 'Employee Email Accounts',
                           'high_value_targets': ['Patient PII and PHI']},
 'investigation_status': 'Completed (as of public disclosure)',
 'post_incident_analysis': {'root_causes': ['Compromised employee email '
                                            'accounts (potential phishing or '
                                            'credential theft)']},
 'recommendations': ['Sign up for free credit monitoring and identity '
                     'protection services offered by Radiologic Medical '
                     'Services',
                     'Monitor credit reports and financial accounts for '
                     'unusual activity',
                     'Be alert for phishing emails or calls exploiting exposed '
                     'information',
                     'Consider placing a fraud alert or credit freeze with '
                     'major credit bureaus'],
 'references': [{'source': 'Corridor Radiology Website'},
                {'source': 'U.S. Department of Health and Human Services '
                           'Breach Portal'},
                {'source': "Vermont Attorney General's Office"}],
 'regulatory_compliance': {'regulations_violated': ['Health Insurance '
                                                    'Portability and '
                                                    'Accountability Act '
                                                    '(HIPAA)',
                                                    'Potential state-level '
                                                    'healthcare privacy laws'],
                           'regulatory_notifications': ['U.S. Department of '
                                                        'Health and Human '
                                                        'Services (2024-11-12)',
                                                        'Vermont Attorney '
                                                        "General's office "
                                                        '(2025-10-07)']},
 'response': {'communication_strategy': ['Disclosed breach to U.S. Department '
                                         'of Health and Human Services '
                                         '(2024-11-12)',
                                         'Reported to Vermont Attorney '
                                         "General's office (2025-10-07)",
                                         'Notified affected individuals by '
                                         'mail (beginning 2025-10-06)'],
              'containment_measures': ['Secured affected email accounts'],
              'incident_response_plan_activated': True,
              'recovery_measures': ['Offered free credit monitoring and '
                                    'identity protection services to affected '
                                    'patients'],
              'third_party_assistance': 'Cybersecurity experts engaged'},
 'threat_actor': 'Unauthorized Actor',
 'title': 'Radiologic Medical Services Data Breach',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.