Recently, Charlotte Radiology confirmed that the company suffered a data breach after an unauthorized party gained access to sensitive patient information contained on the company’s computer network. According to Charlotte Radiology, the breach made sensitive and protected patient health information accessible to an unauthorized party. Information disclosed includes patient names, social security numbers, addresses, birth dates, health insurance information, medical record number, patient account numbers, physician names, dates of service and diagnostic and treatment information. In June 2022, Charlotte Radiology began sending data breach letters to all affected patients.
If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself against fraud or identity theft and what legal options are available to you following the Charlotte Radiology data breach, please see our recent article on the subject. . here.
What we know about Charlotte’s radiology data breach
According to the “Notice of Computer Security Incident Affecting Certain Patients” posted on the Charlotte Radiology website, the company detected a network security issue on December 24, 2021. In response, Charlotte Radiology secured its systems, informed law enforcement and opened an investigation. with the help of a firm of cybersecurity experts.
Charlotte Radiology reports that “within days” she was able to contain the incident. However, the company also notes that during the period between December 17, 2021 and December 24, 2021, an unauthorized party gained access to the Charlotte Radiology system. The company confirmed that the unauthorized party was able to access and delete certain files containing sensitive patient information.
After discovering that an unauthorized party had access to sensitive patient data and deleted it, Charlotte Radiology then reviewed all affected files to determine what information had been compromised and which patients had been affected. Although the information disclosed varies by individual, it may include your full name, address, date of birth, health insurance information, medical record number, patient account number, name of your doctor, dates of service, and information on diagnosis and treatment.
Charlotte Radiology also said the breach impacted patient data at a related firm, Carolinas Imaging Services, LLC. Obviously, Charlotte Radiology oversees and manages the operations of Carolinas Imaging Services. Carolinas Imaging Services provides imaging services in Charlotte, Rock Hill and Huntersville. On April 25, 2022, Charlotte Radiology informed Carolinas Imaging Services that the Data Security Incident had impacted some patients at Carolinas Imaging Services.
Based on the nature of the information disclosed in the breach, Charlotte Radiology advises all patients to review their health insurance records for unauthorized charges.
Around June 2022, Charlotte Radiology sent data breach letters to everyone whose information was compromised as a result of the recent data security incident.
Founded in 1967, Charlotte Radiology is a group of radiologists based in Charlotte, North Carolina. Charlotte Radiology operates 16 breast centers, a mobile breast center program, two venous centers and several vascular and interventional radiology sites. The company also jointly owns five stand-alone imaging centers. Each year, Charlotte Radiology performs more than 1.5 million imaging studies per year for 18 hospitals. Charlotte Radiology employs over 500 people and generates approximately $34 million in annual revenue.
Why does Charlotte Radiology recommend that patients double-check their insurance statements?
Following a data breach, state law requires a company to provide a data breach notification letter to anyone affected by the breach. These letters vary in format but generally follow the same structure in that the company explains what led to the breach, what the company did in response, and what affected parties can do to protect themselves as a result. of the incident.
The Patient Computer Security Incident Notice posted on the Charlotte Radiology website is standard in many ways; however, it contains a phrase that many other data breach notices do not contain. Specifically, the company urges all patients to review their health insurance statements for unauthorized charges.
The reason Charlotte Radiology advises patients to review their insurance statements is to catch healthcare identity theft. Identity theft in healthcare is similar to traditional identity theft, except that instead of using a person’s information to obtain physical assets, a criminal actor uses a victim to seek medical care on behalf of the victim.
Not only can healthcare data breaches force a victim to receive medical treatment they never received, but they can also result in inaccurate information being inserted into a patient’s medical record. For example, suppose an attacker obtains a patient’s protected health information during a breach. The hacker can sell this information to a third party, who then takes the information and uses it to seek medical attention on behalf of the victim. When doctors ask the fake patient questions about their allergies, medical history, or current list of medications, the information provided ends up in the victim’s medical records. In this way, healthcare data breaches pose not only a risk of financial harm, but also serious physical injury.
Those who believe they may have been affected by the Charlotte Radiology breach should ensure they take all necessary precautions to protect themselves. Additionally, breach victims should contact a dedicated data breach attorney to discuss any potential legal claims they may have against the company.