Radiology provider launches investigation, notifies patients after hackers infiltrate PACS
A New York-based radiology firm has conducted a forensics investigation and is contacting patients this week after hackers infiltrated its picture archiving and communication system.
Northeast Radiology said Wednesday that the breach first occurred back in January, with “unauthorized” individuals gaining access to 29 patients’ personal information. It recently contracted with a security firm to analyze the incident and is now evaluating ways to strengthen its PACS and security protocols.
“There is no evidence that any personal information was misused by the unauthorized individuals, and Northeast Radiology is not aware of any instances of fraud or identity theft as a result of this incident,” the company said in a March 11 announcement.
Information accessed varied by individual and included name, gender, age, date of birth, exam description, image and description, and medical record ID. The latter, in some instances, may have corresponded to patients’ Social Security Number, officials noted, with the practice providing credit monitoring and identity theft protection in those instances. Out of “an abundance of caution,” Northeast Radiology is also informing all patients, beyond the 29 affected, about the incident.
“As a precautionary measure, individuals should remain vigilant about reviewing their account statements and credit reports,” the company, which has five locations in New York and Connecticut, told customers this week. “If unauthorized activity on an account is suspected, individuals should promptly notify the related financial institution or company and report the activity to the proper law enforcement authorities,” they added.