Expert MRI Data Breach Exposes PII & PHI

Published

December 15, 2025

Updated

December 15, 2025

Expert MRI

Types of INFORMATION affected

Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info
Affected information types not yet disclosed

Expert MRI, a leading California-based diagnostic imaging provider, experienced a significant data breach after its computer network was accessed by unauthorized actors between June 2, 2025, and Aug. 24, 2025. The cybersecurity event compromised information includes both personally identifiable information (PII) and protected health information (PHI)

The breach was confirmed after an investigation revealed that files containing sensitive data were copied from the network during this period. The threat actor known as PEAR claimed responsibility for the attack, which involved deploying ransomware and stealing approximately 617 GB of data. The incident was first posted on the dark web on Sept. 6, 2025, with PEAR taking credit for the intrusion on the Tor network.

Exposed data consists of names, addresses, dates of birth, admission dates, diagnosis information, treatment information and, for a smaller subset of individuals, Social Security numbers. This combination of PII and PHI significantly increases the risk of identity theft and fraud for those affected, as attackers may use this data for malicious purposes.

The breach is considered severe due to the volume and sensitivity of the data involved, as well as the method of attack. The actors not only gained unauthorized access but also exfiltrated and publicly claimed possession of a large cache of confidential medical and personal records.

The breach was disclosed to the public through a detailed notice, which can be found on Expert MRI's cybersecurity event notice page.

Expert MRI's response

In response to the breach, Expert MRI worked closely with third-party cybersecurity professionals to investigate the incident and assess the scope of the data involved. The company has reviewed the affected data to identify individuals whose information was compromised.

If you believe your personal information may have been compromised in this breach:

Carefully review any notice or communication you receive from Expert MRI or a company that does business with Expert MRI.
Monitor financial accounts and credit reports for signs of identity theft.
Consider placing fraud alerts or credit freezes with the major credit bureaus.
Be cautious of unsolicited emails or phone calls requesting personal information.

For affected individuals with questions, Expert MRI has set up a call center at 855-720-3740, Monday through Friday, 9 a.m. to 5 p.m. ET.