PET Imaging of Dallas Northeast Email Breach Affects 1,935 Patients

A significant healthcare data breach has struck PET Imaging of Dallas Northeast, a Texas medical imaging provider, exposing the protected health information (PHI) of 1,935 patients. The incident, reported to the U.S. Department of Health and Human Services on June 27, 2025, involved unauthorized access to the facility's email systems through a hacking/IT incident.

What Happened

PET Imaging of Dallas Northeast experienced a cybersecurity incident that compromised their email infrastructure. According to the breach report filed with the HHS Office for Civil Rights, hackers gained unauthorized access to email systems containing sensitive patient information.

The breach has caught the attention of Strauss Borrelli PLLC, a prominent data breach law firm that is now investigating the incident. This legal scrutiny suggests the breach may have significant implications for affected patients and the healthcare provider.

This incident represents another example of how email-based attacks continue to pose serious threats to healthcare organizations. Email systems are particularly vulnerable because they often contain extensive patient communications, medical records, and other sensitive healthcare data.

Who Is Affected

The breach impacted approximately 1,935 individuals who were patients or had interactions with PET Imaging of Dallas Northeast. These affected individuals likely include:

• Current and former patients who received imaging services
• Individuals whose medical information was stored in the compromised email systems
• Patients whose PHI was shared via email communications with other healthcare providers
• Family members or emergency contacts whose information was included in patient records

Given that PET Imaging of Dallas Northeast specializes in positron emission tomography (PET) scans, the affected patients likely sought diagnostic imaging services for various medical conditions, including cancer screening, neurological assessments, and cardiac evaluations.

Breach Details

Entity: PET Imaging of Dallas Northeast
Location: Texas
Entity Type: Healthcare Provider
Breach Type: Hacking/IT Incident
Affected Systems: Email infrastructure
Individuals Affected: 1,935
Date Reported to HHS: June 27, 2025
Business Associate Involvement: Yes

The involvement of a business associate indicates that third-party vendors with access to PHI may have been part of the security incident. Under HIPAA regulations, both covered entities and their business associates must implement appropriate safeguards to protect patient information.

The breach occurred through the organization's email systems, which are governed by HIPAA's Security Rule (45 CFR § 164.312). This rule requires covered entities to implement technical safeguards including access control, audit controls, integrity controls, and transmission security measures.

What This Means for Patients

For the 1,935 affected individuals, this breach potentially exposes various types of protected health information, which may include:

• Patient names and contact information
• Medical record numbers and account details
• Imaging results and diagnostic reports
• Treatment histories and physician communications
• Insurance information and billing records
• Social Security numbers or other identifiers

Under HIPAA's Breach Notification Rule (45 CFR § 164.404), PET Imaging of Dallas Northeast is required to notify affected patients within 60 days of discovering the breach. Patients should expect to receive official notification letters detailing:

• The specific types of information involved
• Steps the organization is taking to investigate and address the breach
• Measures patients can take to protect themselves
• Contact information for questions or concerns

The legal investigation by Strauss Borrelli PLLC suggests that affected patients may have grounds for legal action, particularly if the healthcare provider failed to implement adequate security measures required under HIPAA.

How to Protect Yourself

If you are a patient of PET Imaging of Dallas Northeast or believe you may be affected by this breach, take these immediate steps:

Monitor Your Accounts

• Review all medical and insurance statements for unauthorized services
• Check credit reports for suspicious activity
• Monitor bank accounts and credit card statements regularly

Secure Your Information

• Change passwords for healthcare portals and insurance accounts
• Enable two-factor authentication where available
• Consider placing fraud alerts on your credit reports

Stay Vigilant Against Fraud

• Be cautious of unsolicited calls or emails requesting personal information
• Verify the identity of anyone claiming to represent healthcare providers
• Report suspected identity theft to the Federal Trade Commission

Document Everything

• Keep records of all communications related to the breach
• Save copies of breach notification letters
• Document any suspicious activity or potential fraud

Know Your Rights

• Under HIPAA, you have the right to an accounting of disclosures
• You can request restrictions on how your PHI is used
• Consider consulting with legal counsel if you experience damages

Prevention Lessons for Healthcare Providers

This breach highlights critical cybersecurity vulnerabilities that healthcare organizations must address:

Email Security Measures

• Implement end-to-end encryption for all email communications containing PHI
• Deploy advanced threat protection and anti-phishing solutions
• Regularly update email security protocols and software

Access Controls

• Establish role-based access controls limiting who can access sensitive systems
• Implement multi-factor authentication for all email accounts
• Regularly audit and remove unnecessary access privileges

Business Associate Management

• Conduct thorough due diligence on all third-party vendors
• Ensure business associate agreements include specific security requirements
• Regularly monitor and audit business associate security practices

Incident Response Planning

• Develop comprehensive breach response procedures
• Train staff on recognizing and reporting security incidents
• Establish clear communication protocols for breach notifications

Ongoing Security Assessments

• Conduct regular HIPAA risk assessments and security evaluations
• Implement continuous monitoring of email and IT systems
• Stay current with emerging cybersecurity threats and best practices

The PET Imaging of Dallas Northeast breach serves as another reminder that healthcare organizations remain prime targets for cybercriminals. With patient data increasingly valuable on the dark web, medical facilities must prioritize robust cybersecurity measures to protect sensitive health information.

For healthcare providers seeking to strengthen their HIPAA compliance and security posture, comprehensive solutions are available to help prevent similar incidents.

Learn how HIPAA Agent can help protect your practice.