On January 21, 2025, University Diagnostic Medical Imaging, PC (UDMI) filed a data breach notice with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party accessed 138,080 patients’ protected health information (PHI).
On November 26, 2024, UDMI detected that an unauthorized party accessed certain files and folders stored on its IT network. The compromised information includes patient names, addresses, dates of birth, referring physicians, medical treatment details, and diagnosis information.
In response, UDMI launched an internal investigation, notified law enforcement, and began notifying affected individuals.
“We have no reason to believe any information has been or will be misused as a result of this incident,” explains the UDMI public data breach notice.
Nonetheless, the company is offering identity protection and credit monitoring services to impacted individuals as a precautionary measure.
As healthcare providers rely more on digital record-keeping, patient data becomes a prime target for cybercriminals. When these criminals gain unauthorized access to sensitive medical information, it can lead to identity theft, financial fraud, and privacy concerns for affected individuals.
Individuals impacted by the UDMI data breach must monitor their financial and medical records for any suspicious activity. They are also encouraged to take advantage of the identity protection services and seek legal counsel if they suspect their data has been misused.
A breach occurs when an unauthorized party gains access, uses or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
See also: How to respond to a data breach
If individuals suspect their data has been compromised, they must monitor their accounts for suspicious activity and report any unauthorized transactions immediately.
No, under U.S. law, consumers are entitled to a free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. So, placing a fraud alert or credit freeze does not incur any costs.