Radiology Associates of Albuquerque (also known as RAA Imaging/Advanced Imaging, LLC) has lately informed patients about the theft of some of their protected health information (PHI) in a cyberattack that was discovered over A year ago. RAA mentioned it detected suspicious activity inside its systems in August 2021 and took quick action to secure its systems and stop continuing unauthorized access. It began an investigation to find out the nature and extent of the incident.
Based on forensic investigation, unauthorized persons got access to particular systems from July 22, 2021 to August 3, 2021, and extracted files from its system that included patient information. The investigation furthermore discovered that unauthorized persons accessed email accounts at different times in the past 8 months, from December 22, 2020 to July 15, 2021.
RAA pointed out in a substitute breach notice posted on its site that the late issuance of notifications was because of the time it took to look into the incident. RAA stated that the analysis and cataloging of the impacted files were only completed in July 2022, after that the verification of contact data was only completed in September 2022. It began sending notification letters to the affected persons 22 months following the initial breach of the email account, and 14 months following the theft of files that contain PHI from its systems.
The types of information possibly acquired by the attackers differed from person to person, and might have involved these data elements: name, contact details, demographic data, diagnosis, treatment data, details about mental/physical condition, patient number, medical record number, medical insurance details, billing/claim data, Medicaid/Medicare details, biometric information, electronic signature, email/pin/username and password, mother’s maiden name, marriage certificate, vehicle details (license plate number, VIN), credit/debit card data and/or financial account data, Social Security number, driver’s license, and/or state/federal ID number.
RAA stated steps were taken to enhance security and better secure patient information and impacted persons were provided free identity theft protection and credit monitoring services. RAA has not disclosed to the public how many individuals were impacted.