The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Radiology Associates of Albuquerque Notifies Patients About Security Breach That Started in December 2020

Posted By on Oct 17, 2022

Radiology Associates of Albuquerque (aka RAA Imaging/Advanced Imaging, LLC) has recently notified patients that some of their protected health information was stolen in a cyberattack that was detected more than 12 months previously. RAA said suspicious activity was detected within its environment in August 2021. Prompt action was taken to secure its systems and prevent further unauthorized access, and an investigation was launched to determine the nature and scope of the incident.

The forensic investigation confirmed that unauthorized individuals had access to certain systems between July 22, 2021, and August 3, 2021, and copied files from its network that contained patient data. The investigation also uncovered unauthorized access to email accounts, with the email accounts accessed by unauthorized individuals at various points over the preceding 8 months, between December 22, 2020, and July 15, 2021.

RAA explained in a substitute breach notice on its website that the delay in issuing notifications was due to the time taken to investigate the incident. RAA said the review and cataloging of the affected files took until July 2022 to complete, then it took until September 2022 to verify up-to-date contact information. Notification letters have now started to be sent to affected individuals – 22 months after the first email account was breached, and 14 months after files containing PHI were removed from its systems.

The types of data potentially obtained by the attackers varied from individual to individual, and may have included the following data elements: name, contact information, demographic information, diagnosis, treatment information, information regarding mental/physical condition, medical record number, patient number, health insurance information, billing/claim information, Medicaid/Medicare information, biometric data, electronic signature, email/username and password/pin, marriage certificate, mother’s maiden name, vehicle information (VIN, license plate number), financial account and/or credit/debit card information, driver’s license or state/federal identification number, and/or Social Security number.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

RAA said steps have been taken to improve security and better protect patient data and affected individuals have been offered complimentary credit monitoring and identity theft protection services. RAA has not publicly disclosed how many people have been affected. This post will be updated when the scale of the breach is known.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist