Recently, Charlotte Radiology confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive patient information contained on the company’s computer network. According to Charlotte Radiology, the breach resulted in patients' sensitive and protected health information being accessible to an unauthorized party. The leaked information includes patients’ names, Social Security numbers, addresses, dates of birth, health insurance information, medical record number, patient account numbers, physician names, dates of service, and diagnosis and treatment information. In June 2022, Charlotte Radiology began sending data breach letters to all affected patients.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Charlotte Radiology data breach, please see our recent piece on the topic here.
What We Know About the Charlotte Radiology Data Breach
According to the “Notice of IT Security Incident Affecting Certain Patients” posted on the Charlotte Radiology website, the company detected a network security issue on December 24, 2021. In response, Charlotte Radiology secured its systems, notified law enforcement, and began an investigation with the assistance of a cyber security forensic firm.
Charlotte Radiology reports that “within days,” it was able to contain the incident. However, the company also notes that during the period between December 17, 2021 and December 24, 2021, an unauthorized party gained access to the Charlotte Radiology system. The company confirmed that the unauthorized party was able to access and remove certain files containing sensitive patient information.
Upon discovering that an unauthorized party had access to and removed sensitive patient data, Charlotte Radiology then reviewed all affected files to determine what information was compromised and which patients were impacted. While the breached information varies depending on the individual, it may include your full name, address, date of birth, health insurance information, medical record number, patient account number, physician name, dates of service, and diagnosis and treatment information.
Charlotte Radiology also indicated that the breach impacted patient data from a related practice, Carolinas Imaging Services, LLC. Evidently, Charlotte Radiology supervises and manages the operations of Carolinas Imaging Services. Carolinas Imaging Services provides imaging services in Charlotte, Rock Hill and Huntersville. On April 25, 2022, Charlotte Radiology notified Carolinas Imaging Services that the data security incident impacted certain Carolinas Imaging Services patients.
Based on the nature of the information leaked in the breach, Charlotte Radiology is advising all patients to review their health insurance statements for unauthorized charges.
Around June 2022, Charlotte Radiology sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1967, Charlotte Radiology is a practice group of radiologists based in Charlotte, North Carolina. Charlotte Radiology operates 16 breast centers, a mobile breast center program, two vein centers and several vascular and interventional radiology sites. The company also jointly owns five free-standing imaging centers. Each year, Charlotte Radiology performs more than 1.5 million imaging studies annually for 18 hospitals. Charlotte Radiology employs more than 500 people and generates approximately $34 million in annual revenue.
Why Is Charlotte Radiology Recommending Patients Double-Check Their Insurance Statements?
Following a data breach, state law requires that a company provide a data breach notification letter to anyone affected by the breach. These letters vary in format but generally follow the same structure in that the company explains what led up to the breach, what the company did in response, and what affected parties can do to protect themselves in the wake of the incident.
The Notice of IT Security Incident Affecting Certain Patients posted on the Charlotte Radiology website is standard in many regards; however, it contains one sentence that many other data breach notices do not. Specifically, the company urges all patients to review their health insurance statements for unauthorized charges.
The reason Charlotte Radiology is advising patients to review their insurance statements is to catch healthcare identity theft. Healthcare identity theft is similar to traditional identity theft except that rather than use someone’s information to obtain physical goods, a criminal actor uses a victim’s information to obtain medical care in the victim’s name.
Not only do healthcare data breaches have the potential to lead to a victim being on the hook for medical treatment they never received, but they can also result in inaccurate information being placed into a patient’s medical record. For example, say a hacker obtains a patient’s protected health information in a breach. The hacker may sell that information to a third party, who then takes the information and uses it to obtain medical care in the victim’s name. When the doctors ask the fake patient questions about their allergies, medical history or current list of medication, the information provided ends up in the victim’s medical record. In this way, healthcare data breaches not only present the risk of financial harm but also serious physical injury.
Those who believe they were impacted by the Charlotte Radiology breach should be sure to take all necessary precautions to protect themselves. Additionally, victims of the breach should reach out to a dedicated data breach lawyer to discuss any potential legal claims they may have against the company.