Radiology Associates of Richmond facing legal pressure after huge data breach

RICHMOND, Va. (WRIC) -- Radiology Associates of Richmond (RAR) is facing a barrage of lawsuits after a data breach impacted more than 1.4 million of its patients.

8News first reported on this massive data breach in July, when Virginians were taking to social media to ask about letters they were receiving in the mail from RAR. These letters informed recipients that their personal data may have been compromised during a data breach.

The compromised data may include things like patients' names, dates of birth, Social Security numbers, account and routing numbers, medical information and health insurance details.

According to RAR, someone gained unauthorized access to its network in April 2024. However, personnel did not discover the breach until nearly a year later.

‘Quite chaotic’: Man arrested after Henrico government employees locked in room

Several class action lawsuits have since been filed against the provider. Though the exact charges vary somewhat between each individual complaint, on the whole, the involved plaintiffs are accusing RAR of failing to appropriately protect and safeguard their personal information.

One such complaint states that, while there are "numerous issues" to be found when examining this data breach, there are four that plaintiffs are significantly concerned about:

• The length of time (15 months) that it took for RAR to recognize and to inform patients that the breach had occurred
• RAR's inability to determine when exactly the data breach took place, as its "security systems were so insufficient"
• RAR's "fail[ure] to state whether it was able to contain or end the cybersecurity threat, leaving victims to fear whether the private information that RAR continues to maintain is secure"
• RAR's "fail[ure] to state how the breach itself occurred"

The complaint in question goes on to state the belief that RAR could have prevented the data breach with proper encryption or other cybersecurity protections.

"Plaintiff and Class [Action] members now face a lifetime risk of identity theft due to the nature of the information lost, which they cannot change and which cannot be made private again," the complaint reads.

Is Virginia’s economy in trouble?

RAR has maintained that there is no evidence that any of the compromised data has been misused. It has also offered free credit monitoring to any patients whose Social Security numbers may have been compromised.

As of the time of reporting, all of the lawsuits have been consolidated into a case with 11 individual named plaintiffs. Said plaintiffs are demanding, among other forms of relief, financial compensation. They would also like this case to see trial by jury.