Patients file $5M class-action lawsuit against 1 of America’s oldest radiology practices

Patients have filed a class action lawsuit against one of America’s oldest private radiology groups following a recent cyberattack.  

Plaintiffs have now submitted at least 10 complaints against Radiology Associates of Richmond, Virginia, after it notified them about the breach in July. They’re seeking millions of dollars and have now consolidated the cases into a single proceeding to make the matter more efficient, Richmond Biz Sense reported Wednesday.

In the lawsuit, “Jane Doe,” who is under 18, and legal representatives claim the radiology practice didn’t safeguard private health information (PHI) or notify individuals quickly enough.

“In addition, [Radiology Associates of Richmond] failed to properly monitor the computer network and systems that housed the private information,” the complaint, filed Aug. 18 in the U.S. District Court for the Eastern District of Virginia, claims. “Had defendant properly monitored its computer network and systems, it would have discovered the massive intrusion sooner rather than allowing cybercriminals almost a month of unimpeded access to the [personally identifiable information] and PHI of plaintiff and class members.”


Radiology Associates of Richmond declined to comment on the lawsuit Wednesday. It first discovered the breach in May following an extensive forensic investigation, with an unauthorized third party gaining access to its systems sometime in April 2024. The practice has urged patients to monitor their credit reports and utilize fraud alerts to spot suspicious activity, Radiology Business reported previously. Compromised information may have included names, dates of birth, medical details and health insurance records.

“The privacy and security of the personal information we maintain is of the utmost importance to Radiology Associates of Richmond,” the practice said in a notice posted to its website. “RAR has no evidence that any personal information has been or will be misused as a direct result of this incident,” it added later. “However, out of abundance of caution, commencing on July 1, 2025, RAR notified individuals whose information may have been included in the files accessed by the unauthorized party, to the extent it had contact information.”

Jane Doe et al. are seeking $5 million in damages, restitution and injunctive relief and want a jury trial to decide the matter. Nearly 1.42 million individuals may have been impacted by the cyberattack, according to the Health and Human Services Office for Civil Rights Breach Portal.

RAR joins several other radiology practices that have suffered data breaches including Northwest Radiologists and Pinehurst Radiology Associates.  A recent report indicated that ransomware groups are increasingly targeting radiology practices and imaging centers—which may lack the size of large hospitals but still hold a treasure trove of private health information. This can fetch large sums on the dark web. Last year, East River Medical Imaging PC, New York, was ordered to pay $1.85 million in a similar lawsuit stemming from a data breach. 

Radiology Associates of Richmond was founded in 1905, employs over 60 radiologists, and is a member of the Strategic Radiology coalition of independent imaging groups. 

Radiology Business Marty Stempniak

Marty Stempniak has covered healthcare since 2012, with his byline appearing in the American Hospital Association's member magazine, Modern Healthcare and McKnight's. Prior to that, he wrote about village government and local business for his hometown newspaper in Oak Park, Illinois. He won Peter Lisagor and Gold EXCEL awards in 2017 for his coverage of the opioid epidemic.
