Triad Radiology Associates Reports Data Breach Affecting 11,000 Patients
Winston-Salem-based Triad Radiology Associates (TRA), a North Carolina radiology practice serving nine hospitals and over a dozen outpatient locations, disclosed a data security incident on February 8, 2024, after detecting suspicious activity in an employee’s email account in late July 2023. The breach, classified as a hacking/IT incident, may have exposed sensitive personal information, including names, addresses, Social Security numbers, and bank account details, between July and September 2023.
TRA, which employs 46 physicians and is part of the Strategic Radiology coalition, acted swiftly to secure the compromised account and engaged a third-party investigator to assess the scope of the breach. While the practice stated it found no evidence of fraudulent misuse of the accessed data, it could not rule out the possibility of exposure. In response, TRA is offering credit monitoring and identity protection services to potentially impacted individuals and has reviewed its data security policies.
The breach was first reported on February 6, 2024, with an estimated 11,000 individuals affected. Law firms, including Pittsburgh-based Lynch Carpenter, have since begun recruiting patients for a class-action lawsuit, citing potential compensation for those impacted. TRA joins a growing list of radiology groups targeted by cyberattacks, including recent cases involving Rayus Radiology ($3.25M settlement), a Minnesota group ($2M settlement), and Florida-based practices.
The incident underscores the rising cybersecurity threats facing healthcare providers, particularly in radiology, where breaches have become increasingly common. TRA, led by Dr. [Name], a physician serving on the American College of Radiology board, continues to investigate the breach while reinforcing its security measures.
Triad Radiology Associates TPRM report: https://www.rankiteo.com/company/triad-radiology-associates-pllc
"id": "tri1771971823",
"linkid": "triad-radiology-associates-pllc",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '11,000 patients',
'industry': 'Radiology/Healthcare',
'location': 'Winston-Salem, North Carolina, USA',
'name': 'Triad Radiology Associates (TRA)',
'size': '46 physicians, serves 9 hospitals and over a '
'dozen outpatient locations',
'type': 'Healthcare Provider'}],
'attack_vector': 'Compromised email account',
'customer_advisories': 'Offered credit monitoring and identity protection '
'services to affected patients',
'data_breach': {'number_of_records_exposed': '11,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (Personally Identifiable '
'Information and financial data)',
'type_of_data_compromised': ['Names',
'Addresses',
'Social Security numbers',
'Bank account details']},
'date_detected': '2023-07-31',
'date_publicly_disclosed': '2024-02-08',
'description': 'Triad Radiology Associates (TRA) disclosed a data security '
'incident after detecting suspicious activity in an employee’s '
'email account. The breach may have exposed sensitive personal '
'information of 11,000 patients, including names, addresses, '
'Social Security numbers, and bank account details.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'class-action lawsuit and breach '
'disclosure',
'data_compromised': 'Sensitive personal information (names, '
'addresses, Social Security numbers, bank '
'account details)',
'identity_theft_risk': 'High (exposure of Social Security numbers '
'and bank account details)',
'legal_liabilities': 'Class-action lawsuit initiated by affected '
'patients',
'payment_information_risk': 'High (exposure of bank account '
'details)',
'systems_affected': 'Employee email account'},
'initial_access_broker': {'entry_point': 'Employee email account'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Increased vulnerability of healthcare providers, '
'particularly radiology groups, to cyberattacks. '
'Importance of securing email accounts and monitoring for '
'suspicious activity.',
'post_incident_analysis': {'corrective_actions': 'Reviewed data security '
'policies, secured the '
'compromised account, '
'offered credit monitoring '
'services',
'root_causes': 'Compromised employee email '
'account'},
'recommendations': 'Reinforce data security policies, implement multi-factor '
'authentication for email accounts, provide credit '
'monitoring services to affected individuals, and enhance '
'employee training on cybersecurity best practices.',
'references': [{'date_accessed': '2024-02-08',
'source': 'Triad Radiology Associates Breach Disclosure'}],
'regulatory_compliance': {'legal_actions': 'Class-action lawsuit initiated by '
'Lynch Carpenter'},
'response': {'communication_strategy': 'Public disclosure on February 8, '
'2024; notifications to affected '
'patients',
'containment_measures': 'Secured the compromised email account',
'incident_response_plan_activated': 'Yes',
'remediation_measures': 'Reviewed data security policies, '
'offered credit monitoring and identity '
'protection services to affected '
'individuals',
'third_party_assistance': 'Engaged a third-party investigator to '
'assess the scope of the breach'},
'title': 'Triad Radiology Associates Data Breach',
'type': 'Hacking/IT Incident'}