DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NC: Diagnostic Radiology & Imaging notifies 800 patients of phishing incident in 2017

Posted on April 13, 2018 by Dissent

From their notice:

Diagnostic Radiology & Imaging, LLC (or “DRI”) operates multiple imaging facilities in Greensboro, North Carolina under the names Greensboro Imaging and The Breast Center of Greensboro.

On January 31, 2018, DRI became aware of an impermissible disclosure of limited health information about approximately 800 patients. An investigation revealed that on November 11, 2017, an employee of DRI became the victim of a phishing attack. “Phishing” is a type of cybercrime in which individuals are targeted and tricked into revealing sensitive or confidential information. In this case, an attacker emailed DRI employees using an email address that appeared to be legitimate, and one DRI employee revealed information to the attacker that allowed the attacker to access the DRI employee’s work-related email account. Within that DRI employee’s email account, we found a limited amount of information about patients, including names, a general description of imaging services received (including date, type, and location of imaging service), medical record numbers, and in some cases, email addresses and phone numbers. In just a few cases, the patient’s date of birth was also included. As a result, the attacker gained access to that information.

Please note that the attacker did not have access to any of our patients’ Social Security Numbers or other financial information, and for that reason, we do not believe there is any risk of financial harm to our affected patients as a result of this phishing attack.

In accordance with DRI policy, and as required by federal law, DRI is notifying affected patients via first-class mail.

We take the confidentiality and secure handling of patients’ information seriously. Our investigation involved external forensic investigators as well as attorneys with experience in handling these types of incidents. We have policies and procedures in place regarding the confidentiality and security of patient information, and we train our employees on these policies and procedures on a regular basis. In response to this cybercrime, we have retrained our employees and contractors on our policies and procedures relating to privacy and security. We have also implemented more specific training on phishing and other types of cybercrimes to better educate our employees and contractors.

We are very sorry that this happened, and we are taking steps to try to prevent situations like this in the future. If you have any questions or concerns, or if you would like to discuss this matter further, please do not hesitate to call 1-800-638-2869.

Diagnostic Radiology and Imaging, LLC. 1150 Revolution Mill Dr, Suite 9, Greensboro, NC 27405

Related posts:

  • Late notification raises questions about a US Radiology Specialists breach last year
Category: Health DataPhishingU.S.

Post navigation

← NYC Health + Hospitals/Harlem notifies 595 patients of missing laptop with their protected health information
Guardian Jacksonville Notifies 11,521 Patients of Email Compromise of Protected Health Information →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.