Critical Severity (Score: 8/10)

Triad Radiology Associates Email Breach Affects 11,011 Patients


Breach Details

Entity: Triad Radiology Associates
Individuals Affected: 11,011
State: NC
Breach Type: Hacking/IT Incident
Location: Email
Date Reported: February 6, 2026
Entity Type: Healthcare Provider
Business Associate: No

Triad Radiology Associates (TRA), a leading independent radiology practice in Winston-Salem, North Carolina, recently disclosed a significant email security breach that compromised the personal information of 11,011 patients. The incident, reported to the Department of Health and Human Services on February 6, 2026, serves as another stark reminder of the cybersecurity challenges facing healthcare organizations.

What Happened

On July 30, 2025, Triad Radiology Associates identified suspicious activity involving an employee's email account at their Winston-Salem facility located at 3010 Trenwest Drive. The healthcare provider's investigation revealed that unauthorized access to the compromised email account may have occurred over an extended period between July 11 and September 8, 2025.

The breach was classified as a hacking/IT incident targeting the organization's email system, highlighting the vulnerability of healthcare communication channels to cybercriminal exploitation. While the specific attack vector or threat actor has not been disclosed, email-based breaches often involve phishing attacks, credential theft, or malware deployment.

Who Is Affected

The data security incident impacted 11,011 individuals whose sensitive information was potentially exposed during the nearly two-month breach window. These affected patients likely received services from Triad Radiology Associates, which operates as an independent radiology practice serving the Winston-Salem area and surrounding North Carolina communities.

Patients who may have been affected by this breach should have received notification letters from TRA's legal counsel, as the organization has been working to comply with state and federal breach notification requirements.

Breach Details

The unauthorized access occurred through the compromise of an employee email account, with the breach window spanning from July 11 to September 8, 2025. The organization discovered the suspicious activity on July 30, 2025, indicating that the breach was ongoing for approximately 19 days before detection.

Email-based breaches in healthcare settings are particularly concerning because employee email accounts often contain:

  • Patient medical records and treatment information
  • Protected health information (PHI) shared between providers
  • Insurance and billing details
  • Personal identifiers and contact information
  • Scheduling and appointment data

While TRA has not disclosed the specific types of information that were compromised, the scale of the breach affecting over 11,000 individuals suggests that substantial patient data may have been accessible to unauthorized parties.

What This Means for Patients

For the 11,011 affected individuals, this breach represents a serious compromise of their protected health information. Email breaches can expose patients to several risks:

Identity Theft: Compromised personal information can be used to open fraudulent accounts or make unauthorized purchases.

Medical Identity Theft: Criminals may use stolen health information to obtain medical services, prescription drugs, or file false insurance claims.

Phishing and Fraud: Patients may become targets for follow-up scams using information gathered from the breach.

Privacy Violations: Sensitive medical information may be exposed or sold on dark web markets.

Triad Radiology Associates has taken steps to mitigate these risks by offering credit monitoring services to affected patients at no charge. Patients must enroll within 90 days of receiving their notification letter and will need an internet connection and email account to access these services. Each patient received a unique code in their notification letter required for enrollment.

How to Protect Yourself

If you are among the affected patients, take these immediate steps:

Enroll in Credit Monitoring: Use the unique code provided in your notification letter to enroll in the free credit monitoring services within the 90-day deadline.

Monitor Financial Accounts: Regularly review bank statements, credit card bills, and insurance explanations of benefits for unauthorized activity.

Check Credit Reports: Obtain free annual credit reports from all three major bureaus and look for suspicious accounts or inquiries.

Place Fraud Alerts: Consider placing fraud alerts or security freezes on your credit files to prevent unauthorized account openings.

Watch for Phishing: Be suspicious of unexpected emails, calls, or texts requesting personal information, even if they appear to come from healthcare providers.

Report Suspicious Activity: Contact your healthcare providers, financial institutions, and law enforcement if you notice any signs of identity theft or fraud.

Stay Informed: Monitor communications from Triad Radiology Associates for updates about the investigation and additional protective measures.

Prevention Lessons for Healthcare Providers

The Triad Radiology Associates breach offers several important lessons for healthcare organizations seeking to strengthen their cybersecurity posture:

Email Security: Implement robust email security solutions including advanced threat protection, secure email gateways, and encryption for sensitive communications.

Employee Training: Regular cybersecurity awareness training can help staff identify and report suspicious emails or activities before they result in compromise.

Multi-Factor Authentication: Require MFA for all email accounts and systems containing protected health information to prevent unauthorized access even when credentials are compromised.

Monitoring and Detection: Deploy continuous monitoring solutions that can quickly identify suspicious account activity and potential breaches.

Incident Response: Maintain updated incident response plans that enable rapid detection, containment, and notification of security incidents.

Access Controls: Implement the principle of least privilege and regularly review email account permissions and data access rights.

Regular Security Assessments: Conduct periodic vulnerability assessments and penetration testing to identify potential weaknesses before attackers exploit them.

The healthcare industry continues to face increasing cybersecurity threats, with email systems representing a particularly attractive target for cybercriminals. Organizations must invest in comprehensive security measures and maintain constant vigilance to protect patient information and comply with HIPAA requirements.

This breach serves as a reminder that even established healthcare providers like Triad Radiology Associates can fall victim to sophisticated cyber attacks. The key is implementing layered security controls, maintaining staff awareness, and having robust incident response capabilities to minimize the impact when breaches occur.

Source: This breach was reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Breach Portal. Data sourced from ocrportal.hhs.gov. Analysis and article generated by HIPAA Agent.
