Radiology Associates of Richmond has confirmed a data breach that compromised the personal and health information of over 1.4 million individuals.

The central Virginia-based radiology group reported that unauthorized access to its systems occurred between April 2 and April 6, 2024. The breach was confirmed on May 2, 2025, following a forensic investigation and manual review of affected documents.

According to a notice posted by the practice, the breach exposed personally identifiable information and protected health data, although the organization stated there is no evidence at this time that the compromised information has been misused.
“Upon learning of this issue, we immediately worked to contain the threat and secure our internal environment,” the company said. “We commenced a prompt and thorough investigation into the incident and worked very closely with external cybersecurity professionals experienced in handling these types of situations.”

The Department of Health and Human Services reported that the breach affected 1,419,091 individuals. Radiology Associates began notifying those impacted on July 1 and is offering complimentary credit monitoring services to individuals whose Social Security numbers were exposed.

Founded in 1905, Radiology Associates of Richmond provides diagnostic and interventional imaging services, including X-rays, CT scans, and MR, at hospitals and outpatient centers across the Richmond area.

The company is advising all potentially affected individuals to monitor their financial and medical statements and report any suspicious activity. The breach has not been linked to any known ransomware group.

The incident is one of several large healthcare data breaches reported this month. Anne Arundel Dermatology disclosed a separate breach affecting more than 1.9 million individuals, and the Stormous ransomware group claimed responsibility for stealing data from North Country HealthCare, impacting approximately 600,000 patients.

U.S. Healthcare Homepage