The personal information of patients who had scans at an imaging chain that operates in New York and Connecticut was compromised after unauthorized individuals gained access to the group's PACS server.
Northeast Radiology's partner Alliance Healthcare Services first notified the radiology group about a potential breach in January. Alliance then launched an investigation with a forensic security company, which found unauthorized individuals accessed a system that could have included patients' names, dates of birth, and medical record numbers linked to Social Security numbers.
The investigation confirmed that the information of 29 patients was compromised by the breach, although the server contained data from more individuals. As of now, there is no evidence that the patient information was misused, and the two companies are not aware of related identity theft or fraud, Northeast Radiology noted.
On March 11, Northeast Radiology sent warning letters to all patients whose information was stored on the PACS server. The letters informed patients about the breach, advised them on the next steps to take, and offered identity protection and credit monitoring services for those whose Social Security numbers may have been compromised.