Lumexa Imaging Data Breach Exposes Patient Personal and Health Info

Published
May 18, 2026
Updated
June 29, 2026
Lumexa Imaging Data Breach Exposes Patient Personal and Health Info
Lumexa Imaging

Lumexa Imaging, one of the largest providers of outpatient diagnostic imaging services in the United States, disclosed a data breach that occurred through one of its third-party vendors.

The vendor's network experienced unauthorized access between late March and early April 2026, exposing sensitive patient information held by Lumexa Imaging's affiliated radiology practices and imaging centers.

An unauthorized individual gained access to a portion of the vendor's network that was dedicated to Lumexa Imaging's affiliated radiology practices and imaging centers. Documents were taken from the vendor's system between March 31, 2026, and April 9, 2026.

On April 9, 2026, the vendor notified Lumexa Imaging that it was investigating suspicious activity within the affected portion of its network.

By April 15, 2026, Lumexa Imaging learned that an unauthorized person may have viewed or obtained copies of documents containing patient information from the vendor's system.

The types of information that may have been exposed varied by document and by individual may have included names, dates of birth, addresses, phone numbers, Social Security numbers, patient account numbers, insurance information, visit dates, diagnoses and other health information related to radiology services.

A total number of 2,994 individuals had their health information compromised, according to a filing with the U.S. Department of Health and Human Services.

Based on the corresponding state attorney general's disclosure, 3,632 Washington residents, 825 Massachusetts residents, 251 Texas residents, 157 Nebraska residents and 98 Vermont residents were impacted. The breach was additionally reported to the attorneys general offices of California and South Carolina.

Lumexa Imaging's response to the breach

The company began notifying affected individuals by letter and is offering free identity monitoring services through Kroll. Affected individuals can activate these services by visiting Kroll's enrollment website and entering the membership number provided in their notification letter. Each letter includes a specific deadline by which consumers must enroll.

Lumexa Imaging has also set up a dedicated call center for questions about the breach at 844-959-7072, available Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time, excluding holidays.

The company can also be contacted at its headquarters at 4200 Six Forks Road, Suite 1000, Raleigh, NC 27609, or by phone at 919-763-1100.

Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info
  • Affected information types not yet disclosed

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Affected Entity
Lumexa Imaging
Consumers Notification date
June 12, 2026
Date of Breach
March 31, 2026
Breach Discovered Date
April 15, 2026
Total People Affected
2994
Information Types Exposed
  • Health Records
  • Name of individual
  • Social Security Number Information
  • Medical Information
  • Health Insurance Information
  • Name
  • Social Security Number
  • Full Date of Birth
  • Health Insurance Policy or ID Number
  • Social Security Numbers
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image