Doctors Imaging Group, a Florida-based radiology practice has disclosed a data breach that exposed sensitive personal, financial and medical information for more than 171,000 patients. The organization confirmed that unauthorized actors gained access to its network between November 5 and November 11, 2024, during which time files containing protected health information and personally identifiable information were copied and, in some cases, exfiltrated.
The incident was documented in a notice filed with the U.S. Department of Health and Human Services’ Office for Civil Rights in September 2025. According to that filing, the exposed records include names, dates of birth, Social Security numbers, medical records, insurance details, patient account numbers, medical record identifiers, admission and treatment information, and limited financial account information. The breach affects current and former patients and reflects a broader pattern of healthcare-sector intrusions that exploit high-value medical datasets.
Investigation Found Unauthorized Access Nov. 5–11, 2024; Forensics Completed Aug. 29, 2025, and Notification Letters Were Sent Shortly After
Doctors Imaging Group detected suspicious activity in November 2024 and launched an internal investigation supported by external cybersecurity specialists. The organization says affected systems were isolated promptly after discovery and that the forensic review concluded on August 29, 2025. Notification letters to impacted patients were initiated soon after the forensic investigation was finalized.
Forensic teams determined that attackers accessed the practice’s network servers and copied files containing both Protected Health Information and Personally Identifiable Information. The organization reported that all required containment measures were implemented and that law enforcement was notified. At the time of disclosure in September 2025, no ransomware group had publicly claimed responsibility for the intrusion, and the motive of the attackers remained undetermined.
Attackers accessed and copied files containing sensitive personal, financial, and medical information between November 5 and November 11, 2024.
Doctors Imaging Group has said that while the investigation is complete, it continues to monitor for signs of downstream misuse of the data and to coordinate with authorities as needed. The company reported minimal operational disruption, stating that primary clinical and imaging services remained largely uninterrupted during the incident’s containment and recovery phases. The organization added that the breach has been formally recorded by the Office for Civil Rights as a Hacking/IT Incident.
Exposed PHI and PII Elevate Long-Term Identity and Insurance-Fraud Risks; Patients Advised to Monitor Accounts and Consider Credit Protections
The combination of medical records, Social Security numbers and insurance information in a single dataset creates heightened and persistent risk for affected individuals. Medical records and Social Security numbers are particularly valuable to fraudsters because they can facilitate long-term identity theft, insurance fraud, and synthetic identity schemes—threats that are more difficult to remediate than typical payment-card fraud.
Healthcare organizations have been frequent targets of cyberattacks in recent years because stolen medical data retains market value for far longer than financial account details. The breadth of the Doctors Imaging Group exposure—from treatment histories to billing identifiers—gives malicious actors multiple avenues to monetize the theft, including by filing fraudulent insurance claims or assembling dossiers for targeted social-engineering campaigns.
Doctors Imaging Group reported a set of remediation actions and recommendations for those affected. The provider said it secured impacted systems upon discovery, engaged third-party cybersecurity experts to complete a forensic review, notified federal law enforcement, and implemented enhanced network monitoring. The organization also stated it is performing a comprehensive review of its security infrastructure and policies to identify improvements.
The practice urged affected individuals to take a series of protective steps:
• Monitor financial accounts and credit-card activity for unauthorized transactions.
• Review Explanation of Benefits statements and contact insurers about unfamiliar claims.
• Obtain free credit reports and consider placing a fraud alert or credit freeze with the three major credit bureaus.
• Be vigilant for phishing attempts and unsolicited communications that may use stolen medical or personal details to appear legitimate.
Regulatory and Sector-Wide Implications of the Delay Between Discovery and Notification
The timeline of the incident highlights ongoing challenges in healthcare breach response. Doctors Imaging Group detected the intrusion in November 2024 but completed its forensic assessment and began patient notifications in late August and September 2025—a gap of roughly nine to ten months. That interval reflects common friction points in healthcare forensics, including complex data mapping across disparate clinical systems, the time required to validate which records were accessed or copied, and the need to coordinate with law enforcement before public disclosure.
Regulators typically examine whether covered entities have met statutory timelines and exercised reasonable diligence during investigations. The Office for Civil Rights tracks such incidents and may scrutinize whether appropriate safeguards, risk analyses and notification protocols were in place. The waiting period between detection and disclosure can increase patient anxiety and complicate downstream remediation for victims; it also underscores the importance of rapid detection, robust logging and proactive data-inventory practices.
Healthcare Remains a High-Value Target and Smaller Providers Are Vulnerable
The Doctors Imaging Group breach is one in a series of 2025 intrusions affecting hospitals, imaging centers and health insurers that collectively exposed millions of patient records. Smaller and mid-sized providers often rely on interconnected systems, third-party vendors and outsourced services that expand the attack surface. The sector’s shift to electronic records and interlinked billing and clinical workflows means that an incident affecting a single vendor or legacy system can cascade to multiple downstream entities.
Security experts emphasize several mitigations that organizations should prioritize: comprehensive asset inventories, regular vulnerability scanning and patching, least-privilege access controls, multifactor authentication, encryption of sensitive data at rest and in transit, and exercised incident-response plans that include rapid forensic engagement and regulatory coordination.
Doctors Imaging Group said it will continue to provide guidance to affected individuals and will comply with reporting and notification obligations as required by law. The provider has advised patients to monitor their accounts and to follow the protective measures listed in its notification.
For the wider healthcare community, the incident reinforces the need for sector-wide improvements in cybersecurity posture and incident readiness. Patients and providers alike face long-term consequences when medical data is exposed; durable defenses, timely detection and transparent communication remain the primary levers to reduce harm and restore trust.
