Bellingham, Washington-based radiology practice Northwest Radiologists is notifying roughly 350,000 Washington State residents that their personal information was compromised in a data breach.
The incident occurred on January 25, 2025, when certain systems were impacted by a “network disruption”, the radiology services provider says.
The incident was initially disclosed in March, when the organization revealed that protected health information (PHI) stored on the affected systems was potentially impacted.
Now, Northwest Radiologists reveals that the attackers had access to its network between January 20 and January 25, and confirms they indeed accessed data on the compromised systems.
According to the radiology practice, names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, driver’s license numbers, government ID numbers, diagnosis and treatment details, health insurance information, financial and banking data, and other information was affected.
The organization says it improved the security of its systems to prevent similar incidents, and is providing the affected individuals with free credit monitoring and identity protection services.
Northwest Radiologists notified the Washington State Attorney General’s Office that 348,118 Washingtonians were impacted by the attack.
However, it is unclear whether residents of other states were also affected, since Northwest Radiologists also operates in Alaska, and the incident has not been listed on the US Department of Health and Human Services’ breach portal.
The radiology services provider has not shared details on the type of cyberattack it fell victim to, but the network disruption might have been caused by ransomware. SecurityWeek has not seen any known ransomware groups claiming responsibility for the incident.
Related: Cost of Data Breach in US Rises to $10.22 Million, Says Latest IBM Report
Related: Who’s Really Behind the Mask? Combatting Identity Fraud
Related: Treasury’s OCC Says Hackers Had Access to 150,000 Emails
Related: Ferry Agency: No Sensitive Info Compromised in Cyberattack
