Radiology practice alerts state and customers after hackers target patient records

A California radiology practice is alerting state authorities and patients after hackers recently gained access to its health records.

Sutter Buttes Imaging reported the incident to Attorney General Xavier Becerra on Feb. 9, noting that unauthorized individuals infiltrated its records through an unspecified third-party IT infrastructure.

Records retrieved in the incident included dates of service, patient birthdays, imaging procedure received, and unique numbers created by SBI to identify customers and exams. However, hackers did not obtain social security or credit card numbers, insurance info, diagnoses, rad reports or medical images, the Yuba City practice said in an alert.

“SBI takes privacy and security matters very seriously,” Sutter Buttes Imaging said. “We conducted a thorough investigation and took several critical steps to address the identified IT vulnerabilities and to prevent a similar incident from happening again.”

In response, the practice has closed certain firewall ports and engaged outside IT consultants to help bolster security controls in the future. It’s also urging customers who utilized their imaging services to consider obtaining a credit report and placing a 90-day fraud alert to monitor suspicious activity.

SBI believes the breach occurred sometime between July 2019 and December 2020. The practice said it found no evidence that hackers inappropriately disclosed or used the information.