On January 11, 2020, Alliance HealthCare Services, Northeast Radiology’s healthcare management services provider, notified Northeast Radiology that unauthorized individuals gained access to our picture archiving and communication system (“PACS”), which is used to store radiology images and related information.
We are providing information here about the incident and apologize for any inconvenience or concern it may cause. For many years, Northeast Radiology has been serving the medical imaging needs in New York, Connecticut and surrounding communities, and we remain committed to providing patients the highest quality of care while working to prevent these types of incidents from occurring in the future.
What’s being done about the incident?
Upon learning of the incident, Alliance HealthCare Services launched an internal investigation in coordination with a leading national forensic security firm to understand what happened, review all related security controls, identify any potentially impacted patients, and evaluate systems and processes to further strengthen protections for the PACS.
What are the results of the investigation? What happens next?
The investigation determined that the information of 29 patients was accessed by the unauthorized individuals. We are notifying each of those patients and providing them with details regarding the incident.
Other patients’ information was available on the system, but regarding them, Northeast Radiology and Alliance HealthCare Services do not have evidence about whose particular information may have been accessed, if at all. However, out of an abundance of caution, we are also notifying those other patients. The information potentially involved for each individual varied, but could have included name, gender, age, date of birth, exam description, date of service, image, image description, and medical record number which, in some instances, may have corresponded to the patient’s Social Security Number.
While Northeast Radiology and Alliance HealthCare Services are not aware of any instances of fraud or identity theft as a result of this incident, we have arranged for identity protection and credit monitoring services for individuals whose Social Security Numbers may have been impacted.
How will I know if my data was accessed?
Beginning on March 11, Northeast Radiology is sending written notification to all impacted individuals for whom it has contact information.
What should I do if I do not receive a letter?
If you do not receive written notification, but you are a patient of Northeast Radiology and believe your information may have been impacted in this incident, please call the confidential inquiry line at 1-800-491-8837 between 9:00 a.m. and 6:30 p.m. Eastern Time Monday through Friday.
Individuals should refer to the notice they receive in the mail to learn how they can protect themselves against potential fraud and identity theft. As a precautionary measure, individuals should remain vigilant about reviewing their account statements and credit reports. If unauthorized activity on an account is suspected, individuals should promptly notify the related financial institution or company and report the activity to the proper law enforcement authorities, including the individuals’ local police and their state attorney general.
The Federal Trade Commission offers additional information on fraud alerts, security freezes and ways to avoid identity theft. These can be found by visiting www.ftc.gov/idtheft, calling 1.877.438.4338 or sending a letter to:
Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580