New York radiology group NRAD Medical Assoc. has been informing some of its patients that their personal information may have been accessed without authorization by a radiologist formerly employed by the group.
The radiologist, who is no longer employed by NRAD, accessed and acquired protected health information from the practice's billing systems on or around April 24, according to the firm. The personal information included patient names and addresses, dates of birth, Social Security numbers and health insurance, diagnosis codes, and procedure codes, according to a letter sent by NRAD to potentially affected patients.
As many as 97,000 files of current and former patients -- representing approximately 12% of the more than 800,000 patients seen by NRAD in the past 20 years -- may have been accessed, according to NRAD. The group believes, however, that there is very low risk from the event and the data breach has been contained.
While NRAD said it has no indication that any of this information has been disclosed to or used by any third parties and has no evidence that any credit card, banking, or other financial information has been accessed, it is recommending that affected patients immediately contact any of the three major credit bureaus to place a fraud alert on their report. The group has also established a toll-free number for patients to call with any questions.
NRAD said it has reported the radiologist to the appropriate authorities and government agencies for investigation. In addition, the group said it has implemented a series of enhanced security safeguards in its billing and patient databases.