Diagnostic Radiology & Imaging, LLC operates multiple imaging facilities in Greensboro, North Carolina under the names Greensboro Imaging and The Breast Center of Greensboro.
On January 31, 2018, Diagnostic Radiology & Imaging, LLC became aware of an impermissible disclosure of limited health information about approximately 800 patients. An investigation revealed that on November 11, 2017, an employee of Diagnostic Radiology & Imaging, LLC became the victim of a phishing attack. “Phishing” is a type of cybercrime in which individuals are targeted and tricked into revealing sensitive or confidential information. In this case, an attacker emailed Diagnostic Radiology & Imaging, LLC employees using an email address that appeared to be legitimate, and one Diagnostic Radiology & Imaging, LLC employee revealed information to the attacker that allowed the attacker to access the Diagnostic Radiology & Imaging, LLC employee’s work-related email account. Within that Diagnostic Radiology & Imaging, LLC employee’s email account, we found a limited amount of information about patients, including names, a general description of imaging services received (including date, type, and location of imaging service), medical record numbers, and in some cases, email addresses and phone numbers. In just a few cases, the patient’s date of birth was also included. As a result, the attacker gained access to that information.
Please note that the attacker did not have access to any of our patients’ Social Security Numbers or other financial information, and for that reason, we do not believe there is any risk of financial harm to our affected patients as a result of this phishing attack.
In accordance with Diagnostic Radiology & Imaging, LLC policy, and as required by federal law, Diagnostic Radiology & Imaging, LLC is notifying affected patients via first-class mail.
We take the confidentiality and secure handling of patients’ information seriously. Our investigation involved external forensic investigators as well as attorneys with experience in handling these types of incidents. We have policies and procedures in place regarding the confidentiality and security of patient information, and we train our employees on these policies and procedures on a regular basis. In response to this cybercrime, we have retrained our employees and contractors on our policies and procedures relating to privacy and security. We have also implemented more specific training on phishing and other types of cybercrimes to better educate our employees and contractors.
We are very sorry that this happened, and we are taking steps to try to prevent situations like this in the future. If you have any questions or concerns, or if you would like to discuss this matter further, please do not hesitate to call 1-800-638-2869.
Diagnostic Radiology and Imaging, LLC. 1150 Revolution Mill Dr, Suite 9, Greensboro, NC 27405