Two patients filed a class action against two radiology companies after the data of more than 1 million patients who received care at hospitals nationwide may have been exposed because of vulnerabilities in medical imaging archiving software.
Five things to know:
- In mid-2019, cybersecurity researchers analyzed 2,300 medical images hosted by picture archiving and communication systems (PACS), which hospitals use to share medical images and data, according to court documents.
- The researchers discovered flaws in Northeast Radiology and Alliance HealthCare's service that allegedly permitted unauthorized access to more than 1.2 million patients' protected health information. The PHI that was exposed allegedly includes 61 million X-rays, CT scans, MRIs, medical test results, patient names, Social Security numbers and more.
- The researchers contacted the radiology companies, but their warnings were ignored, the court documents said.
- Two Northeast Radiology patients are suing the radiology firms on behalf of themselves and the class members to settle damages caused by the breach, the court filings said. The researchers who discovered the breach said the value of the damages exceeds $1 billion and might be as high as $3.3 billion, due to the risk of theft from exposure and a large number of alleged victims.
- In a June 29 news release, HHS warned that about 130 hospitals and health systems were using PACS, with more than 2 million patients and 275 million medical images and PHI potentially exposed.