Radiology Associates of Richmond faces another breach impacting over 250k

The Richmond-based private practice has faced another breach in recent years, this time impacting approximately 266,000 individuals.

What happened

According to the data breach notice, Radiology Associates of Richmond (RAR) faced a data breach that began on or around July 25th, 2025. Once the unauthorized access was discovered, RAR quickly began an investigation and worked to contain the threat and re-secure their internal environment. RAR did not share exactly when the incident was discovered or the investigation began. The investigation, which concluded on April 6th, 2026, revealed that some protected health information (PHI) had been viewed or accessed.

The notice did not reveal what data was involved in the breach, but did state that some individuals may have had their Social Security numbers accessed. RAR began sending written notices to impacted individuals on May 21st, 2026. According to a notice submitted to the Attorney General of Maine, 266,183 individuals impacted.

The backstory

The current breach RAR is handling is smaller than the breach the organization faced in April of 2024, which ultimately impacted approximately 1.42 million patients. RAR serves a vast number of patients and has approximately 63 radiologists who provide services across seven hospitals and three outpatient imaging centers. Following the incident, at least 10 complaints were filed by victims that argued the radiology practice failed to safeguard their information.

The big picture

Radiology practices have frequently been in the news for data breaches, often leading to large victim counts and class action suits. Earlier this year, Paubox covered a settlement between class members and Consulting Radiologists, a Minnesota-based radiology group that had a data breach impacting over 500,000 individuals. Consulting Radiologists ultimately settled the lawsuit for $2.2M, giving insight into how potential lawsuits against RAR may play out. Other radiologist organizations have faced similar attacks, like Lumexa Imaging, which notified the Attorney General of California of a data breach that took place in April of this year.

While attacks against radiology practices are prevalent, they are part of the growing trend of attacks against healthcare companies at large. According to a recent Paubox report, ransomware attacks alone have increased 264% since 2018.

FAQs

Why do some organizations face multiple data breaches?

Often, attacks are based on opportunity; hackers will simply target organizations that have more obvious vulnerabilities or safeguards. It’s possible that both of these attacks were completely random. It’s also possible that a malicious organization was successful once and decided to target RAR again based on that success.

How does a data breach impact an organization’s reputation?

For some organizations, data breaches can slip by mostly unnoticed. For RAR, that’s not been the case; the impact of the data breach can be directly seen in their Google reviews, which are now flooded with negative comments about the incident.