Radiology Associates of Richmond (RAR), a leading radiology provider in central Virginia, has confirmed that more than 1.4 million individuals were affected by a data breach involving unauthorized access to the organization’s systems earlier this year.
Incident Overview
The breach occurred between April 2 and April 6, 2024, during which unauthorized actors accessed RAR’s internal network. A comprehensive forensic investigation has since revealed that sensitive personal and medical information was stored on the compromised systems.
RAR disclosed the breach publicly on July 1, 2025, after concluding its investigation and completing a manual review to identify impacted individuals. The incident is now listed on the U.S. Department of Health and Human Services’ Office for Civil Rights breach portal as one of the most significant healthcare data exposures in 2024.
Information Compromised
The compromised data may include the following:
- Full names
- Social Security numbers
- Medical and other health-related information
While RAR has stated there is currently no evidence of misuse or fraud related to the breach, the potential exposure of Social Security numbers and protected health information raises significant concerns about long-term risks to affected individuals.
Organizational Response
In the wake of the breach, RAR implemented multiple response measures to mitigate risks and protect impacted individuals:
- System Containment and Investigation: The organization immediately isolated affected systems, engaged third-party cybersecurity experts, and launched an internal investigation.
- Individual Notification: Written notices were mailed to all affected individuals starting July 1, 2025. A breach notice was also posted on RAR’s website.
- Credit Monitoring Services: Individuals whose Social Security numbers were exposed have been offered complimentary credit monitoring and identity protection services.
- Regulatory Reporting: The breach has been reported to the appropriate state and federal regulators, in accordance with HIPAA and other compliance requirements.
Ongoing Risk Mitigation
RAR is urging anyone potentially affected by the breach to remain vigilant and take the following steps:
- Review financial and medical statements for unauthorized activity
- Monitor personal credit reports regularly
- Take advantage of the free identity protection services offered
About Radiology Associates of Richmond
Radiology Associates of Richmond is a physician-owned medical practice providing comprehensive diagnostic imaging and interventional radiology services across the greater Richmond area. The group serves nine hospitals, four freestanding emergency centers, and four outpatient imaging locations.
