Patients sue West Coast private radiology practice over recent cyber incident
Two patients recently filed a proposed class action lawsuit against a West Coast private radiology practice.
Attorneys are targeting Bellingham, Washington-based Northwest Radiologists and the related Mount Baker Imaging, its joint venture partnership with Peace Health system. The radiology practice reportedly experienced a “data security incident” in January, leading to possible leaked information including dates of birth, Social Security and driver’s license numbers, and diagnosis details.
Washingtonians Daniel Uitdenhowen, of Ferndale, and Michael Barr, of Bellingham, believe Northwest Radiologists failed to protect patient info prior to the attack, the Cascadia Daily News reported Monday.
“Cyber and data security systems were so completely inadequate that it allowed cybercriminals to obtain files containing a treasure trove of thousands of patients’ private highly sensitive information,” the lawsuit, filed in Whatcom County Superior Court on April 25, claims.
A representative who answered the phone at Northwest Radiologists’ main office Thursday said the practice is not commenting on the investigation, which is still ongoing. In a March notification, the practice said it had hired a forensic specialist to aid in the effort, with no initial indications the information was misused.
Plaintiff attorneys claim the practice never issued a formal notification to those impacted as of April 23. Rather, Northwest Radiologists purportedly “obfuscated” information about the attack, initially referring to it as a “computer network disruption” and later a “data breach,” the Cascadia Daily News noted. Uitdenhowen and Barr further allege that Northwest Radiologists violated federal and state law by not alerting patients more promptly and failed to properly train employees how to addres a cybersecurity incident.
The 20-radiologist practice has been around for over 50 years, providing interpretations and minimally invasive procedures to hospitals in Bellingham, Friday Harbor, and Sedro Woolley, Washington, along with Ketchikan, Alaska. It has six outpatient imaging locations in partnership with PeaceHealth and is a member of independent practice coalition Strategic Radiology.
Several other imaging groups have faced cyberattacks and subsequent lawsuits in recent months. Arizona-based SimonMed Imaging was hacked in January and taken to court the following month. Same for Florida imaging and radiation oncology provider Akumin, which experienced a data breach in October 2023 and was sued in December. Other recent industry victims have included Pinehurst Radiology Associates in North Carolina and East River Medical Imaging PC in New York. A judge in October ordered the latter to pay $1.85 million to settle a class action lawsuit stemming from the cyberattack.
Imaging experts earlier this year shared advice on how radiology groups can contain damage from future data breaches.
Marty Stempniak has covered healthcare since 2012, with his byline appearing in the American Hospital Association's member magazine, Modern Healthcare and McKnight's. Prior to that, he wrote about village government and local business for his hometown newspaper in Oak Park, Illinois. He won a Peter Lisagor and Gold EXCEL awards in 2017 for his coverage of the opioid epidemic.