What You Need to Know about the Radiology Associates of Richmond Data Breach

Founded by Dr. Daniel Talley in 1905, the Radiology Associates of Richmond is one of America's oldest private radiology practices. RAR has since been at the forefront of advanced diagnostic, interventional services, and medical imaging. The institution spans seven hospitals and four outpatient centers in central Virginia. RAR has 62 board-certified radiologists, and the practice specializes in breast imaging, neuroradiology, and vascular interventions. 

The practice’s mission emphasizes patient-centered care, community trust, and precision. Despite robust security measures, it experienced a recent cyberattack where data from 1.4 million patients was exposed. This was attributed to unauthorized access to files including birth dates, medical records, insurance details, and names. The practice moved quickly to initiate containment, delaying disclosure of the situation until July 2025.

When Was the Radiology Associates of Richmond Data Breach?

The Radiology Associates of Richmond cybersecurity breach happened between April 2nd and 6th, 2024, after criminals accessed the healthcare provider’s systems through phishing or an unattended access point. During an internal investigation, RAR discovered the breach, confirming the May 2, 2025, incident. The names, birth dates, insurance information, and medical records. 

Despite its prompt network security measures, the Radiology Associates of Richmond delayed notifying the affected parties until July 1, 2025, for a year following the breach. The US Department of Health and Human Services, indicating 1,419,091 people were directly affected, confirmed the scale of the breach. Though there was no evidence of misused data, the reduced disclosure and HIPAA gaps have increased scrutiny.  

How to Check if Your Data Was Breached

If you think your personal information could have been exposed following the breach, the following are key steps to verify and protect your identity. 

1. Contact RAR directly: Call the Radiology Associates of Richmond using their toll-free line during working hours to confirm if your data was exposed. 
2. Check Official notification channels: The RAR contacted affected parties through email or mail in July 2025. Check these channels for a Notice of Data Security Incident. It will outline the data types that were compromised. The email should also offer complimentary credit monitoring for individuals whose Social Security numbers were exposed. 
3. Monitor Financial and medical accounts: check for reports from credit institutions like TransUnion or Experian on unauthorized access. Check the medical statements and review the Explanation of Benefits first for unrecognized services. 
4. If eligible, please sign up for RAR credit monitoring services. These are offered via IDX to warn against fraud. 

If you have already obtained a breach of data notice, act as quickly as possible. The risk of medical identity theft may be high, considering exposed health insurance details.

What to Do If Your Was Breached

If your information was compromised during Radiology Associates of Richmond's data breach, take steps to protect it. 

• Set a fraud alert or a credit freeze: Contact Experian, Equifax, or TransUnion to set a year-long fraud alert. You may also initiate a credit freeze, blocking new account openings. 
• Enroll in credit monitoring: The practice offers 2 years of complimentary identity protection services via IDX. 
• Review Explanation of Benefits statements to check for unauthorized medical services.
• Be wary of any phishing emails where parties claim to be representatives from RAR or financial institutions. 
• Document all breach-related expenses. 

RAR has a call center dedicated to answering breach-related queries. Given the sensitivity of exposed insurance data, proactive monitoring would be essential for at least two years after the allotted protection period. 

Are There Any Lawsuits Because of the Radiology Associates of Richmond Data Breach?

Due to the delays in data breach notification, multiple class action lawsuits have been initiated against the company. Law firms like Edelson Lechzin LLP, Strauss Borelli PLLC, and Lynch Carpenter are assessing claims that Radiology Associates of Richmond did not implement adequate cybersecurity measures. This led to the breach and delayed notification of customers until July 2025, a year after the incident. 

Aside from violating the HIPAA 60-day disclosure rule, it placed affected parties at significant financial risk. The ongoing litigations are seeking compensation for identity theft risk, out-of-pocket costs, and emotional distress incurred. Affected parties notified are encouraged to contact law firms to join the litigation, which may result in damages being paid or extended credit monitoring services. 

Can My Radiology Associates of Richmond Information Be Used for Identity Theft

Sensitive data exposed in the Radiology Associates of Richmond data breach may be used for identity theft. Names, financial account numbers, birth dates, and medical records can be exploited to open fraudulent accounts. Fake insurance claims may be used to obtain medical services or to commit tax fraud. 

Though RAR indicates no evidence of misuse, healthcare information is often placed at a premium on the dark web. So it can resurface months or years later. The inclusion of imaging records also increases the risk of medical identity theft. Criminals can use this data to get unauthorized treatment, exhaust insurance benefits, or change stolen health information. To avoid further problems, you could enroll in the free credit monitoring and place a fraud alert with the main bureaus. 

What Can You Do To Protect Yourself Online? 

You can protect yourself from cyberattacks by doing the following: 

• Enable Two-factor Authentication: This functions as an additional layer of security for the account by requiring further verification. That may be text message coding or Google Authenticator.
• Use a Password Manager or Unique Passwords. Password managers store account credentials so you don’t have to remember the unique code used. You can also create complex passwords using a mix of upper- and lowercase letters or special characters. 
• Regularly Update Software: Update your devices' operating systems, applications, or web browsers periodically to patch security vulnerabilities that can be exploited.
• Secure Wi-Fi Networks: protect your home network using strong passwords and enable WPA3 encryption, which prevents unauthorized access.
• Limit Sharing Personal Information: Consider what you post on social media. Oversharing can make you a target of identity theft. 
• Be Aware of Phishing: Avoid clicking on suspicious links or downloading attachments from emails you do not know or have not been verified. These may contain malware. In the same breath, update your antivirus and other scanning systems to optimize device security. 
• Monitor your Accounts Regularly: Bank and medical accounts should be regularly assessed to determine if there have been any unauthorized transactions. 

By following cybersecurity best practices, you reduce the risk of becoming a victim of breaches. Being proactive and vigilant safeguards your online presence.