RSNA reports cybersecurity incident potentially impacting personal information

The Radiological Society of North America has experienced a data breach, according to recent notices filed with multiple states. 

Oak Brook, Illinois-based RSNA alerted state authorities in Massachusetts and Vermont about the occurrence on Aug. 28.  The society first detected unauthorized access to its network on June 25, with the “cybersecurity incident” resulting in the potential exposure of a “limited number of 1099 forms.” 

“The privacy and security of the personal information we maintain is of the utmost importance to Radiological Society of North America,” RSNA said in its message to state attorneys general and impacted consumers. “Upon learning of this issue, we immediately secured the environment and commenced a prompt and thorough investigation,” it added later. “As part of our investigation, we have been working very closely with external cybersecurity professionals experienced in handling these types of incidents.”

After an “extensive” forensic investigation and manual document review, RSNA determined that, between June 20-26, an unauthorized party may have accessed files containing personal information. The society emphasized that there is no evidence the information has been used for identity theft or financial fraud. 

However, RSNA is offering identity theft protection services through IDX. In the note, it also detailed precautionary measures individuals can take to protect their personal information, including placing fraud alerts and security freezes on their credit files. 

“Please accept our apologies that this incident occurred,” the society said in its letter. “RSNA is committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it. RSNA continually evaluates and modifies its practices and internal controls to enhance the security and privacy of your personal information.”

RSNA’s website appeared to be down for multiple days in late June and early July. A spokesperson at the time said the society was experiencing a “network outage affecting RSNA.org” but did not elaborate further. RSNA did not immediately respond to a request for comment Tuesday. 

New Jersey law firm Console & Associates posted a news update about the cyber incident on Aug. 30, urging impacted parties to consult an attorney. 

Update: RSNA shared a statement about the cyber incident on Wednesday, Sept. 4: 

"After an extensive forensic investigation completed by cybersecurity professionals, RSNA recently sent notification letters to less than 200 individuals to notify them that a certain file containing their name and social security numbers may have been accessed by an unauthorized individual.

RSNA is committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it. RSNA continually evaluates and modifies its practices and internal controls to enhance the security and privacy of your personal information."