Doctors Imaging Group, a radiology practice located in Florida with offices in Gainesville and Palatka, has announced a significant data breach affecting over 171,000 individuals. The breach occurred when unauthorized access was gained by cybercriminals between November 5 and November 11, 2024, leading to the theft of sensitive personal, financial, and medical information from the organization’s network.
In a notice submitted to the U.S. Department of Health and Human Services (HHS) in September 2025, the healthcare provider confirmed that the compromised data includes names, birth dates, Social Security numbers, medical records, and insurance details. This incident raises serious concerns regarding patient privacy and financial security, as hackers managed to exfiltrate a wealth of Protected Health Information (PHI) and Personally Identifiable Information (PII), which are highly desirable on black markets.
The internal investigation initiated by Doctors Imaging Group began after suspicious activity was first detected in November 2024. Cybersecurity experts were engaged to determine the scope and impact of the intrusion, which was concluded on August 29, 2025. Subsequent notification letters were dispatched to affected patients shortly after the investigation’s findings were finalized.
According to the organization’s official statement, files containing sensitive patient information were accessed and downloaded from their network servers. Although the exact motive behind the attack remains unclear, there has been no public claim of responsibility from any ransomware group as of early October 2025. This absence of attribution does not diminish the potential consequences for those impacted, given the volume and nature of the exposed data.
The healthcare sector continues to be a frequent target for cyberattacks, attributed largely to the high value of medical data. Unlike credit card information, which can be quickly cancelled and replaced, medical records and Social Security numbers offer perpetrators long-term opportunities for identity theft and insurance fraud. The extensive range of compromised data—from billing records to treatment information—exposes victims to significant risks, not only financially but also in terms of privacy breaches.
The breach has been officially categorized by the HHS Office for Civil Rights as a “Hacking/IT Incident,” reflecting a troubling trend of increasingly sophisticated cyber intrusions in healthcare. In 2025 alone, numerous incidents affecting hospitals, imaging centers, and health insurance providers have compromised millions of patient records, underlining the systemic vulnerabilities within the sector.
In response to the incident, Doctors Imaging Group has taken decisive actions to mitigate risks and enhance cybersecurity protocols. Following the discovery of the breach, the organization secured the affected systems and notified federal law enforcement agencies. It is also conducting a comprehensive review of its security policies and infrastructure to identify opportunities for improvement and ensure better protection against future attacks.
Patients impacted by this breach are advised to monitor their financial accounts and health insurance statements closely. They should remain vigilant for signs of potential misuse of their personal information and consider utilizing credit monitoring services. This advice underscores the critical need for both healthcare organizations and patients to maintain continuous vigilance in the face of evolving cyber threats.
The incident involving Doctors Imaging Group serves as a potent reminder of the cybersecurity challenges facing the healthcare industry. As organizations digitize records and rely on interconnected networks, they find themselves increasingly vulnerable to sophisticated attacks aimed at stealing valuable information. The breach also highlights the urgent need for timely communication regarding data intrusions, as the significant delay between the breach’s discovery and patient notification reflects lingering challenges in compliance and forensic investigation within the healthcare setting. To safeguard sensitive health data, it is evident that a combination of modern technical measures, such as zero-trust architectures, along with heightened awareness and proactive strategies, is essential for both providers and patients.
