Strauss Borrelli PLLC, a leading data breach law firm, is investigating Radiologic Medical Services, P.C. (“RMS”) regarding its recent data breach. The RMS data breach may have involved sensitive personal information and protected health information belonging to over 56,000 individuals.
ABOUT RADIOLOGICAL MEDICAL SERVICES, P.C.:
RMS is a private corporation of six board-certified radiologists in Iowa that offer a broad spectrum of modalities and specializations.2 The parent company of Muscatine Radiology and Corridor Radiology, RMS has two imaging centers that provide diagnostic interpretations and therapeutic intervention services for imaging patients and referring physicians in Iowa and surrounding states.2 Founded in 1971, RMS is headquartered in Coralville, Iowa, and employs over 10 individuals.
WHAT HAPPENED?
Recently, RMS announced that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its systems may have been accessed. According to the breach notice, on February 26, 2024, RMS became aware of suspicious activity related to an employee email account.1 As a result, RMS launched an investigation to determine the nature of the incident.
Through its investigation, RMS discovered that sensitive personal information in its systems may have been compromised by an unauthorized third party through two employee email accounts between February 22, 2024, and March 19, 2024. As a result, RMS began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. On September 13, 2024, RMS completed this review. The exact type of personal information potentially exposed has not been made publicly available by RMS. However, on November 12, 2024, RMS filed official notice of the data breach with the U.S. Department of Health and Human Services’ Office for Civil Rights, whose guidelines require entities to report data breaches when they involve protected health information. Additionally, according to state reporting guidelines, “personal information” can include the following types of information:
- Name
- Social Security number
- Driver’s license number or other unique identification number created or collected by a government body
- Financial account number, credit card number, or debit card number in combination with any required expiration date, security code, access code, or password that would permit access to an individual’s financial account
- Unique electronic identifier or routing code, in combination with any required security code, access code, or password that would permit access to an individual’s financial account
- Unique biometric data, such as a fingerprint, retina or iris image, or other unique physical representation or digital representation of biometric data
On November 12, 2024, RMS posted a notice of the incident on its website. Additionally, RMS began mailing notices to affected individuals. Based on the website breach notice, RMS is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification that RMS posted to its website is below.
If you received a breach notification letter from Radiological Medical Services, P.C.:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
