RSNA reports cybersecurity incident potentially impacting personal information

The Radiological Society of North America has experienced a data breach, according to recent notices filed with multiple states. 

Oak Brook, Illinois-based RSNA alerted state authorities in Massachusetts and Vermont about the occurrence on Aug. 28.  The society first detected unauthorized access to its network on June 25, with the “cybersecurity incident” resulting in the potential exposure of a “limited number of 1099 forms.” 

“The privacy and security of the personal information we maintain is of the utmost importance to Radiological Society of North America,” RSNA said in its message to state attorneys general and impacted consumers. “Upon learning of this issue, we immediately secured the environment and commenced a prompt and thorough investigation,” it added later. “As part of our investigation, we have been working very closely with external cybersecurity professionals experienced in handling these types of incidents.”

After an “extensive” forensic investigation and manual document review, RSNA determined that, between June 20-26, an unauthorized party may have accessed files containing personal information. The society emphasized that there is no evidence the information has been used for identity theft or financial fraud. 

However, RSNA is offering identity theft protection services through IDX. In the note, it also detailed precautionary measures individuals can take to protect their personal information, including placing fraud alerts and security freezes on their credit files. 

“Please accept our apologies that this incident occurred,” the society said in its letter. “RSNA is committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it. RSNA continually evaluates and modifies its practices and internal controls to enhance the security and privacy of your personal information.”

RSNA’s website appeared to be down for multiple days in late June and early July. A spokesperson at the time said the society was experiencing a “network outage affecting RSNA.org” but did not elaborate further. RSNA did not immediately respond to a request for comment Tuesday. 

New Jersey law firm Console & Associates posted a news update about the cyber incident on Aug. 30, urging impacted parties to consult an attorney. 

Update: RSNA shared a statement about the cyber incident on Wednesday, Sept. 4: 

"After an extensive forensic investigation completed by cybersecurity professionals, RSNA recently sent notification letters to less than 200 individuals to notify them that a certain file containing their name and social security numbers may have been accessed by an unauthorized individual.

RSNA is committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it. RSNA continually evaluates and modifies its practices and internal controls to enhance the security and privacy of your personal information." 

Marty Stempniak

Marty Stempniak has covered healthcare since 2012, with his byline appearing in the American Hospital Association's member magazine, Modern Healthcare and McKnight's. Prior to that, he wrote about village government and local business for his hometown newspaper in Oak Park, Illinois. He won a Peter Lisagor and Gold EXCEL awards in 2017 for his coverage of the opioid epidemic. 

Around the web

The nuclear imaging isotope shortage of molybdenum-99 may be over now that the sidelined reactor is restarting. ASNC's president says PET and new SPECT technologies helped cardiac imaging labs better weather the storm.

CMS has more than doubled the CCTA payment rate from $175 to $357.13. The move, expected to have a significant impact on the utilization of cardiac CT, received immediate praise from imaging specialists.

The all-in-one Omni Legend PET/CT scanner is now being manufactured in a new production facility in Waukesha, Wisconsin.