Class action filed after HHS warns 130 hospitals, health systems left millions' PHI exposed

Two patients filed a class action against two radiology companies after more than 1 million patients who received care at hospitals nationwide may have been exposed because of vulnerabilities in medical imaging archiving software.

Five things to know:

  1. In mid-2019, cybersecurity researchers analyzed 2,300 medical images hosted by picture archiving communications systems, which hospitals use to share medical images and data, according to court documents.

  2. The researchers discovered flaws in Northeast Radiology and Alliance HealthCare's service that allegedly permitted unauthorized access to more than 1.2 million patients' protected health information. The PHI that was exposed allegedly includes 61 million X-rays, CT scans, MRIs, medical test results, patient names, Social Security numbers and more.

  3. The researchers contacted the radiology companies, but their warnings were ignored, the court documents said.

  4. Two Northeast Radiology patients are suing the radiology firms on behalf of themselves and the class members to settle damages caused by the breach, the court filings said. The researchers who discovered the breach said the value of the damages exceeds $1 billion and might be as high as $3.3 billion, due to the risk of theft from exposure and a large number of alleged victims.

  5. In a June 29 news release, HHS warned that about 130 hospitals and health systems were using PACS, with more than 2 million patients and 275 million medical images and PHI potentially exposed. 

Copyright © 2025 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


You can unsubscribe from these communications at any time. For more information, please review our Privacy Policy
.
 

Articles We Think You'll Like

You have 0 free articles remaining

Become a Washington Technology Insider today!
Already an Insider? Login here