Radiological Society of North America

The Radiological Society of North America (RSNA) experienced a data breach on or around June 25, 2024, reported by the Vermont Office of the Attorney General on August 28, 2024. The incident involved unauthorized access to RSNA’s network, leading to the potential exposure of a limited number of 1099 tax forms. The breach impacted only 2 individuals, suggesting a contained but targeted compromise of financial documentation. While the scope appears narrow, the exposure of 1099 forms which typically include Taxpayer Identification Numbers (TINs), payment details, and possibly Social Security Numbers (SSNs) poses risks of identity theft, tax fraud, or financial exploitation for the affected parties. The breach did not indicate broader systemic damage, mass data exfiltration, or operational disruption to RSNA’s core functions. However, the incident underscores vulnerabilities in third-party network security and the need for heightened monitoring of financial records for the exposed individuals. RSNA has not disclosed whether the breach stemmed from a phishing attack, credential theft, or unpatched vulnerability, but the limited impact suggests either a targeted intrusion or an opportunistic exploit with minimal lateral movement. No ransomware, widespread customer data leaks, or regulatory penalties were reported in connection with this event.

Source: https://ago.vermont.gov/document/2024-08-28-radiological-society-north-america-data-breach-notice-consumers

TPRM report: https://www.rankiteo.com/company/rsna

"id": "rsn040091825",
"linkid": "rsna",
"type": "Breach",
"date": "6/2024",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'customers_affected': 2,
                        'industry': 'Healthcare / Radiology',
                        'location': 'United States',
                        'name': 'Radiological Society of North America (RSNA)',
                        'type': 'Non-profit Organization'}],
 'data_breach': {'file_types_exposed': ['1099 forms'],
                 'number_of_records_exposed': 2,
                 'sensitivity_of_data': 'Moderate',
                 'type_of_data_compromised': ['Tax-related (1099 forms)']},
 'date_detected': '2024-06-25',
 'date_publicly_disclosed': '2024-08-28',
 'description': 'The Vermont Office of the Attorney General reported a data '
                'breach involving the Radiological Society of North America '
                '(RSNA) on August 28, 2024. The breach occurred on or about '
                "June 25, 2024, due to unauthorized access to RSNA's network, "
                'potentially exposing a limited number of 1099 forms, '
                'impacting 2 individuals.',
 'impact': {'data_compromised': ['1099 forms']},
 'references': [{'date_accessed': '2024-08-28',
                 'source': 'Vermont Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Vermont Office of the '
                                                        'Attorney General']},
 'title': 'Data Breach at Radiological Society of North America (RSNA)',
 'type': 'Data Breach'}

Radiological Society of North America

Pass’Sport: Have I Been Pwned’s Post

Pax8: Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners

Kaiser Permanente: Kaiser Permanente reaches $46 million settlement over data breach — how to file your claim