Radiology Associates of Richmond Data Breach: 266,000 Affected

Radiology Associates of Richmond (RAR), a Richmond, Virginia-based medical imaging services provider, has disclosed a significant data breach affecting 266,183 individuals. The breach occurred on or around July 25, 2025, when unauthorized actors gained access to the organization's internal systems. RAR engaged external cybersecurity forensic experts to contain the intrusion and conduct a comprehensive investigation into the scope of the compromise.

Following an extensive forensic investigation and manual document review, RAR concluded on April 6, 2026, that files containing protected health information (PHI) pertaining to affected individuals were acquired without authorization. The compromised data potentially includes full names, Social Security numbers, government-issued identification numbers, financial information including credit or debit card numbers, and medical and health insurance details. The organization initiated notification letters to impacted individuals on May 21, 2026, and filed the required notification with the Maine Attorney General's Office.

Affected individuals have been advised to monitor their credit reports and financial statements for suspicious activity. Those whose Social Security numbers were compromised have been offered complimentary credit monitoring services through RAR. Cybersecurity experts recommend that victims of this breach utilize tools such as our email breach checker to determine if their information has appeared in other compromised databases, and employ our password checker to ensure credentials remain secure across all accounts.

This incident follows a previously disclosed breach in April 2024, which resulted in the theft of personal information belonging to 1.4 million individuals from the same organization. RAR reported the earlier breach to the U.S. Department of Health and Human Services (HHS) in July 2025. Security professionals recommend that healthcare organizations implement robust security measures, including regular vulnerability assessments using tools like our SSL/TLS checker and conducting periodic privacy checkup evaluations to prevent similar incidents.