In October 2024, Central Kentucky Radiology (CKR), a Lexington-based imaging provider, became the latest victim of a growing trend in healthcare cyberattacks. An unauthorized actor accessed CKR’s systems over a two-day period, compromising sensitive data for approximately 167,000 individuals. The stolen information includes names, Social Security numbers, birth dates, addresses, insurance details, and medical service records — a deeply invasive breach, though no fraud has yet been confirmed.
While the nature of the attack has not been publicly confirmed, the system disruption and timing strongly suggest a ransomware event — part of a broader wave of escalating cyber threats against the healthcare sector. The breach wasn’t fully investigated and confirmed until May 2025, with notification letters mailed out to affected individuals in June. CKR is now offering 12 months of complimentary credit monitoring and guidance on identity theft protection, though many patients are left questioning how such a critical breach went undetected for months.
In this episode, we examine the CKR breach in the wider context of the healthcare cybersecurity crisis. Topics include:
- The data compromised in the CKR incident and how it may be exploited
- The suspected role of ransomware and why healthcare is a top target
- Systemic vulnerabilities across the sector: outdated software, misconfigured devices, and staffing shortages
- The financial, operational, and reputational consequences of a breach, including regulatory exposure
- Actions affected individuals should take immediately — from freezing credit to enabling two-factor authentication
- How healthcare organizations can improve defenses, including IoT segmentation, EDR deployment, secure cloud storage, and patch management
- Broader lessons from this incident that apply across all healthcare systems, regardless of size
CKR’s experience is a reminder that even small-to-midsize medical providers must adopt enterprise-grade cybersecurity practices. As patient data becomes more valuable — and cybercriminal tactics grow more sophisticated — the margin for error is disappearing.
