Radiology Associates of Richmond, Inc. (RAR) experienced a data breach that exposed both personally identifiable information (PII) and protected health information (PHI). An unauthorized actor infiltrated the RAR network and on May 2, 2025 an investigation revealed the cybersecurity incident occurred April 2, 2024 through April 6, 2024.
Exposed information may have included Social Security numbers, dates of birth, address information, financial account or payment card numbers, medical records and health insurance information. The data breach impacted an estimated 1,419,091 individuals.
The data breach was disclosed to the U.S. Department of Health and Human Services on July 1, 2025. Affected patients include 1,279 Massachusetts residents and 80 in Montana.
Radiology Associates of Richmond began notifying affected individuals on July 1, 2025 and published a Notice of Data Security Incident on its own website. The data breach was also disclosed to the California, Massachusetts and Montana Attorney Generals' offices on July 1, 2025.
In additional to required state disclosures, Radiology Associates of Richmond is offering free Cyberscout single bureau credit monitoring services to all affected individuals.
If you receive notification from Radiology Associates of Richmond about this breach, you may want to:
For more information about the company and its services, visit the Radiology Associates of Richmond, Inc. website.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.