More than 1.4 million Virginians affected in Radiology Associates of Richmond data breach

RICHMOND, Va. (WRIC) — If you've recently received a letter in the mail warning that your personal information may have been compromised, you’re not alone and it’s not a scam.

Radiology Associates of Richmond (RAR) has confirmed a data breach that affected more than 1.4 million patients in Virginia. According to the company, someone gained unauthorized access to RAR's network in April of 2024, but personnel didn't discover the breach until May of this year. Earlier this month, RAR began mailing notification letters to patients through a security partner called Cyberscout.

Since then, some people have taken to social media questioning the legitimacy of the notice, and sharing concerns that it could be a scam.

Daryl Jackson is a cybersecurity expert, and adjunct instructor at the University of Richmond. He said social media isn’t the best place to verify a security notice because of the misinformation that can often be online.

“Don’t make the social media sites your first step,” Jackson said. “Always go back to the source, meaning the entity that’s claiming to have been breached.”

RAR said it has no evidence that any personal data has been misused. However, the compromised information may include names, dates of birth, medical information and health insurance details. For patients whose Social Security numbers were also accessed, the company is offering one year of free credit monitoring.

Jackson said not all companies are required to provide that service.

“You’ll definitely get the free credit monitoring offer, especially with banks and financial institutions,” he said. “But every entity does not technically have to offer that.”

RAR also encouraged affected patients to consider placing a free fraud alert or security freeze on their credit file through the major credit bureaus.