Strauss Borrelli PLLC, a leading data breach law firm, is investigating Central Kentucky Radiology, PLLC (“CKR”) regarding its recent data breach. The CKR data breach involved sensitive personal information belonging to an undetermined number of individuals.
ABOUT CENTRAL KENTUCKY RADIOLOGY, PLLC:
CKR is a radiologist group based in Kentucky. Today, CKR provides hospital staffing services and image interpretation for medical centers and physicians’ offices across Kentucky.2 Accordingly, CKR physicians specialize in various radiology disciplines, including vascular & interventional radiology, neuroradiology, nuclear radiology, musculoskeletal radiology, and breast imaging.2 Headquartered in Lexington, Kentucky, CKR operates out of a single location.
WHAT HAPPENED?
Recently, CKR reported to the Attorney General of Vermont that it had experienced a data breach in which sensitive personal identifiable information in its care may have been compromised.1 According to the breach notice, on October 18, 2024, CKR became aware of a network disruption in its environment.1 As a result, CKR launched an investigation to determine the nature of the incident.
Through its investigation, CKR confirmed that sensitive personal information in its systems belonging to patients may have been accessed and copied by an unauthorized third party between October 16 and October 18, 2024. As a result, CKR began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. On May 7, 2025, CKR completed this review. The exact type of personal information potentially exposed has not been made publicly available by CKR. However, according to state reporting guidelines, “personal information” can include the following types of information:
- Name
- Social Security number
- Driver’s license or other government issued ID card numbers (e.g., individual taxpayer ID number, passport number, military ID card number)
- Financial account number or credit or debit card number
- Unique biometric data (e.g., fingerprint, retina or iris image, or other unique biometric representation)
- Genetic information
- Health record or records of a wellness program or similar program of health promotion or disease prevention (e.g., healthcare professional’s medical diagnosis or treatment of the consumer, health insurance policy number)
As a result of the data breach, on June 12, 2025, CKR began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Vermont residents, CKR is providing affected individuals with a list of the specific types of sensitive information impacted and complimentary credit monitoring services. A link to the form breach notification letters that CKR filed with the Attorney General of Vermont is below.
If you received a breach notification letter from Central Kentucky Radiology, PLLC:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
