Expert MRI Data Breach Exposes 209,560 Patients' Records

Expert MRI, a California-based diagnostic imaging company specializing in MRI, CT, X-ray and ultrasound services, experienced a data breach that affected approximately 209,560 individuals in the United States. The breach involved unauthorized access to the company's computer network and the copying of files containing sensitive personal and medical information.

The breach was disclosed to the U.S. Department of Health and Human Services on Oct. 31, 2025, and to the California Attorney General on March 23, 2026. The company posted a notice about the event on its website and began notifying affected individuals by mail.

What happened in the Expert MRI data breach

Expert MRI identified evidence of potential unauthorized access to its systems on Sept. 2, 2025, leading the company to launch an investigation.

The investigation determined that an unknown actor gained access to and copied certain files between Aug. 14, 2025, and Aug. 24, 2025, according to the consumer notification letter. An earlier notice posted on the company's website described a broader window of unauthorized access to the network, stating it occurred between June 2, 2025, and Aug. 24, 2025.

On Sept. 6, 2025, a ransomware group known as PEAR claimed responsibility for the attack on a dark web forum hosted on the Tor network. The group claimed to have obtained 617 GB of data from Expert MRI.

The types of information exposed included both personally identifiable information and protected health information such as names, addresses, dates of birth, admission dates, diagnosis information, treatment information, Social Security numbers and driver's license or state identification numbers.

Expert MRI's response to the breach

Expert MRI is offering affected individuals complimentary credit monitoring and identity restoration services through Epiq's Privacy Solutions ID program. The services include one-bureau credit monitoring with alerts, dark web monitoring, credit protection, change of address monitoring and identity restoration assistance.

Affected individuals received a unique activation code and enrollment deadline in their notification letter and can enroll at privacysolutionsid.com. Enrollment is not automatic. Individuals must sign up on their own to activate the services.

For questions about the breach, affected individuals can call Expert MRI's dedicated assistance line at 855-720-3740, Monday through Friday from 8 a.m. to 8 p.m. Central Time, excluding U.S. holidays. They can also write to Expert MRI at 9500 Artesia Blvd., Bellflower, CA 90706.

Steps to take if your information was exposed

• Place a fraud alert or credit freeze on credit files by contacting Equifax (1-888-298-0045), Experian (1-888-397-3742) or TransUnion (1-833-799-5355).
• Request free credit reports at AnnualCreditReport.com and review them carefully for unfamiliar accounts or suspicious activity.
• Review Explanation of Benefits statements from health insurers for medical services, claims or appointments that were not received or authorized.
• Monitor financial accounts and bank statements closely for unauthorized transactions, particularly since Social Security numbers and driver's license numbers were involved in this breach.
• Be cautious of phishing attempts that reference Expert MRI or this data breach by name, as scammers may try to use details from the breach to make fraudulent messages appear legitimate.
• Report suspected identity theft to the Federal Trade Commission at identitytheft.gov or by calling 1-877-438-4338.