Medium Severity (Score: 5/10)

Associated Radiologists Finger Lakes HIPAA Breach Affects 501


Breach Details

Entity: Associated Radiologists of the Finger Lakes, P.C.
Individuals Affected: 501
State: NY
Breach Type: Hacking/IT Incident
Location: Network Server
Date Reported: December 29, 2025
Entity Type: Business Associate
Business Associate: No

Associated Radiologists of the Finger Lakes Hit by Network Server Breach Affecting 501 Individuals

Another healthcare data breach has been added to the HHS Wall of Shame, this time involving Associated Radiologists of the Finger Lakes, P.C., a New York-based radiology business associate. The breach, reported on December 29, 2025, affected 501 individuals and resulted from a hacking incident targeting the organization's network server.

What Happened

Associated Radiologists of the Finger Lakes, P.C. experienced a significant cybersecurity incident that compromised their network server infrastructure. The breach was classified as a hacking/IT incident, indicating that unauthorized individuals gained access to the organization's systems through technical means.

As a business associate operating in New York's healthcare ecosystem, the organization provides radiology services to healthcare providers throughout the Finger Lakes region. The breach highlights the growing vulnerability of specialized medical service providers to sophisticated cyberattacks.

The incident was reported to the Department of Health and Human Services (HHS) on December 29, 2025, in compliance with HIPAA breach notification requirements. Under HIPAA regulations, covered entities and business associates must report breaches affecting 500 or more individuals to HHS within 60 days of discovery.

Who Is Affected

The breach impacted 501 individuals who had their protected health information (PHI) stored on Associated Radiologists of the Finger Lakes' compromised network servers. These individuals likely include:

  • Patients who received radiology services from healthcare providers partnered with Associated Radiologists
  • Individuals whose imaging studies, reports, or related medical records were stored on the affected systems
  • Patients from multiple healthcare facilities throughout the Finger Lakes region that utilize the organization's services

As a business associate, Associated Radiologists of the Finger Lakes handles PHI on behalf of covered entities such as hospitals, clinics, and medical practices. This means the breach potentially affects patients from multiple healthcare organizations across their service area.

Breach Details

The breach occurred on Associated Radiologists of the Finger Lakes' network server infrastructure, suggesting that cybercriminals gained unauthorized access to centralized systems containing substantial amounts of patient data. Network server breaches are particularly concerning because they often provide attackers with access to large volumes of information stored across multiple databases and applications.

Key details about the incident include:

  • Attack Vector: Hacking/IT incident targeting network infrastructure
  • Compromised Systems: Network servers containing patient information
  • Scale: 501 individuals affected, crossing the federal breach notification threshold
  • Geographic Impact: Patients throughout New York's Finger Lakes region

The classification as a hacking incident indicates that the breach resulted from malicious external actors rather than internal negligence or accidental disclosure. This type of attack often involves sophisticated techniques such as ransomware deployment, network infiltration, or exploitation of system vulnerabilities.

What This Means for Patients

Patients affected by this breach face several potential risks and consequences:

Immediate Concerns:

  • Unauthorized access to medical imaging records and radiology reports
  • Potential exposure of diagnostic information and health conditions
  • Risk of identity theft using compromised personal and health information

Long-term Implications:

  • Medical identity theft could result in fraudulent medical services being obtained in patients' names
  • Compromised health information could affect future insurance coverage or employment opportunities
  • Need for ongoing monitoring of medical records and insurance claims for suspicious activity

Affected individuals should receive breach notification letters within 60 days of the organization's discovery of the incident, as required by HIPAA regulations. These notifications will provide specific details about what information was compromised and what steps patients should take to protect themselves.

How to Protect Yourself

If you believe you may be affected by this breach, take these immediate steps:

  1. Monitor Your Medical Records: Review all medical statements and insurance explanations of benefits for services you didn't receive

  2. Watch for Suspicious Activity: Be alert for unexpected medical bills or insurance claims related to radiology services

  3. Protect Your Identity: Consider placing fraud alerts on your credit reports and monitoring for unusual financial activity

  4. Contact Healthcare Providers: Inform your primary care physician and other healthcare providers about the potential breach

  5. Document Everything: Keep records of all communications related to the breach and any suspicious activity you discover

  6. Stay Informed: Monitor communications from Associated Radiologists of the Finger Lakes and any healthcare providers who use their services

Prevention Lessons for Healthcare Providers

This breach offers important lessons for healthcare organizations and their business associates:

Network Security Hardening: Implement robust network security measures including firewalls, intrusion detection systems, and regular security assessments.

Business Associate Management: Covered entities must ensure their business associates maintain appropriate security controls and regularly assess their compliance.

Incident Response Planning: Develop and test comprehensive incident response plans to minimize damage and ensure rapid breach detection and response.

Employee Training: Provide regular cybersecurity training to help staff identify and prevent potential security threats.

Regular Security Updates: Maintain current security patches and updates across all systems and applications.

The increasing frequency of healthcare data breaches targeting business associates underscores the critical importance of comprehensive cybersecurity programs throughout the healthcare ecosystem.

Source: This breach was reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Breach Portal. Data sourced from ocrportal.hhs.gov. Analysis and article generated by HIPAA Agent.
