Security

Cyberattack on Radiology Practice Exposed Sensitive Data of 512,000 People 

Written by Lore Apostol
Published on June 20, 2024

A notification was sent to 512,000 individuals announcing that specialty radiology practice Consulting Radiologists Ltd in Minnesota was the target of a cyberattack that exposed patients' sensitive data earlier this year. Maine's attorney general report said 47 Maine residents were also affected.

This is one of several major health data breaches affecting hundreds of thousands of patients that were reported to regulators by radiologists in recent months.

A practice called CRL, which provides teleradiology-based interpretation services for over 100 healthcare facilities in Minnesota and its surrounding areas, reportedly detected unusual activity in its network environment in February. CRL says it promptly took security measures and enlisted specialized cybersecurity help to investigate the incident.

The investigation revealed unauthorized third-party access to some parts of the CRL database, which included names, birthdates, addresses, health insurance details, and medical information. Later, the interpretation services practice identified the affected individuals. Some patients had their Social Security number, driver's license number, face sheets, and imaging reports exposed.

Affected individuals receive 12 months of complimentary identity and credit monitoring. CRL announced additional monitoring tools and system security enhancements. It is not known whether ransomware or extortion demands were involved, but network breaches could affect patient results, which could motivate organizations to pay ransom.

Radiology practices and medical imaging centers can be prime targets for cybercriminals due to a variety of reasons, including weaker security and high volumes of patient health information and images, which are harder to encrypt and usually contain some personal identifiers such as patient name, medical record number, age, or gender.

In some cases, “good” radiology images are sold on the black market to help people who need them to pass a physical exam for a job or to apply for a visa.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: