top of page
  • Writer's pictureRajesh Kanungo

512,000 Radiology patients' data stolen

Executive Summary

Consulting Radiologists LTD. (“CRL”) reported that cybercriminals may have stolen the data of roughly 512,000 patients.

This theft was impactful because Patient Health Information was stolen (PHI); PHI is very sensitive and hard to change.


The data may have been breached multiple times as at least two groups, LockBit and Qilin, both claimed in April to have stolen CRL's data


CRL is offering the usual credit monitoring services, but they have no remedy for stolen PHI.



The CRL Incident

On February 12, 2024, CRL detected suspicious activity in its network environment. Upon discovery of this incident, CRL promptly took steps to secure its network and engaged a specialized cybersecurity firm to investigate the nature and scope of the incident. As a result of the investigation, CRL learned that an unauthorized actor accessed certain files and data stored within our network.


The CRL Response

CRL's security consultants investigated the breach and identified which patient's information was compromised.

This happens to be:

Name, Address, date of birth, Social Security number, Health Insurance information, Medical information.

Remedies

CRL offers, by now, irrelevant credit monitoring services for a 1 year no cost service at https://bfs.cyberscout.com/activate


Conclusions

  • There is no remedy for the leakage of personal health information offered.

  • It is not clear what security practices were implemented that led to all the data being stored in an identifiable format or whether de-identification rules were followed.

  • The data may have been breached multiple times as at least two groups, LockBit and Qilin, both claimed in April to have stolen CRL's data

  • There may have been a dearth of monitoring tools as two different groups stole data.

  • It is not clear if radiological data was also stolen.




7 views0 comments

Recent Posts

See All

ARM Memory Security Broken

Executive Summary A team from South Korea, Juhee Kim, Youngjoo Lee, Jinbum Park, Taesoo Kim, Sihyeon Ro, Jaeyoung Chung, and Byoungyoung Lee, was able to use tools to break hardware memory protection

Comments


bottom of page