Lumexa Imaging Data Breach Exposes Patient Personal and Health Info

Lumexa Imaging, one of the largest providers of outpatient diagnostic imaging services in the United States, disclosed a data breach that occurred through one of its third-party vendors.

The vendor's network experienced unauthorized access between late March and early April 2026, exposing sensitive patient information held by Lumexa Imaging's affiliated radiology practices and imaging centers.

The breach has been reported to the California Attorney General. The total number of individuals affected has not been publicly disclosed.

An unauthorized individual gained access to a portion of the vendor's network that was dedicated to Lumexa Imaging's affiliated radiology practices and imaging centers. Documents were taken from the vendor's system between March 31, 2026, and April 9, 2026.

On April 9, 2026, the vendor notified Lumexa Imaging that it was investigating suspicious activity within the affected portion of its network.

By April 15, 2026, Lumexa Imaging learned that an unauthorized person may have viewed or obtained copies of documents containing patient information from the vendor's system.

The types of information that may have been exposed varied by document and by individual may have included names, dates of birth, addresses, phone numbers, Social Security numbers, patient account numbers, insurance information, visit dates, diagnoses and other health information related to radiology services.

Lumexa Imaging's response to the breach

The company began notifying affected individuals by letter and is offering free identity monitoring services through Kroll as a precaution.

Affected individuals can activate these services by visiting Kroll's enrollment website and entering the membership number provided in their notification letter. Each letter includes a specific deadline by which consumers must enroll.

Lumexa Imaging has also set up a dedicated call center for questions about the breach at 844-959-7072, available Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time, excluding holidays.

The company can also be contacted at its headquarters at 4200 Six Forks Road, Suite 1000, Raleigh, NC 27609, or by phone at 919-763-1100.

Steps to take if your information was exposed

• Place a credit freeze or fraud alert with Equifax (1-888-378-4329), Experian (1-888-397-3742) and TransUnion (1-833-799-5355) to help prevent new accounts from being opened using stolen information.
• Review credit reports for unfamiliar activity by requesting free copies at AnnualCreditReport.com from each of the three nationwide credit reporting agencies.
• Monitor health insurance statements for unfamiliar services or charges, as exposed health and insurance information could potentially be used for medical identity theft.
• Be cautious of phishing attempts that reference Lumexa Imaging or this data breach by name, and review the company's social media policy to help identify legitimate communications.
• Report suspected identity theft to the Federal Trade Commission at IdentityTheft.gov or by calling 1-877-438-4338, and consider filing a report with local law enforcement.