
Radiology Associates of Richmond Data Breach: Protecting Healthcare Data

Overview

On July 18, 2025, Radiology Associates of Richmond disclosed a data breach exposing protected health and personal information of patients. The breach, reported by SecurityWeek, involved unauthorized access to systems, likely via phishing or exploited vulnerabilities.

Explanation

Attackers gained access through social engineering (e.g., phishing) or by exploiting vulnerabilities in public-facing systems, then exfiltrated sensitive data. The breach exposed names, medical records, and possibly payment details, underscoring weaknesses in healthcare IT systems.

Impact

    • Data Breach: Exposure of PHI and PII.

    • Regulatory Scrutiny: Potential HIPAA violations and fines.

    • Reputation Damage: Loss of patient trust.

    • Financial Loss: Remediation and legal costs.

Details

    • MITRE ATT&CK Mapping:

      • Tactic: Initial Access (TA0001): T1566 (Phishing) – Likely used phishing for entry.

      • Tactic: Collection (TA0009): T1005 (Data from Local System) – Exfiltrated PHI/PII.

      • Tactic: Exfiltration (TA0010): T1041 (Exfiltration Over C2 Channel) – Transferred data.

    • IOCs:

      • Domains: None publicly disclosed.

      • IP Addresses: None publicly disclosed.

      • File Hashes: None specific.

      • File Names: None specific.

    • Log Artifacts:

      Jul 18 2025 07:33:21 [Email-Gateway] Suspicious email from [email protected]
      Jul 18 2025 07:34:10 [Endpoint] Data exfiltration to 185.199.108.144

    • Remediation:

      • Vendor Patch Guidance: Update endpoint protection; patch public-facing systems.

      • Temporary Mitigations: Enhance email filtering; enforce MFA.

      • Known Workarounds: Conduct phishing training; deploy DLP solutions.

    • Threat Hunting Recommendations:

      • Log Correlation: Monitor email gateways and endpoints for suspicious activity.

      • YARA Rule:

        rule Phishing_Healthcare {
          meta:
            description = "Detects phishing-related artifacts"
            author = "FireCompass Threat Research"
          strings:
            // Lure attachment name associated with this campaign. A single
            // filename string is a weak indicator and will also match
            // legitimate documents, so tune and scope before deployment.
            $s1 = "patient_record.pdf" ascii nocase
          condition:
            $s1
        }
      • Anomalous Traffic: Monitor for outbound data transfers post-phishing.
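As an added example (not code from the post or from FireCompass), the Log Correlation and Anomalous Traffic recommendations above can be implemented as a check that flags endpoint exfiltration events occurring shortly after an email-gateway phishing alert, parsing lines in the format quoted under Log Artifacts. The 30-minute window, the sample log lines and the addresses are assumptions constructed here.

```python
import re
from datetime import datetime, timedelta

# Timestamp / source / message layout of the log artifacts quoted above,
# e.g. "Jul 18 2025 07:33:21 [Email-Gateway] Suspicious email from ..."
LINE_RE = re.compile(r"^(\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) \[([^\]]+)\] (.*)$")
EXFIL_RE = re.compile(r"Data exfiltration to (\d{1,3}(?:\.\d{1,3}){3})")

def parse_line(line):
    """Return {ts, source, msg} for a well-formed line, None otherwise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S")
    return {"ts": ts, "source": m.group(2), "msg": m.group(3)}

def correlate(lines, window=timedelta(minutes=30)):
    """Flag endpoint exfiltration events that follow an email-gateway
    phishing alert within `window`; unrelated transfers are not flagged."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    phish_times = [e["ts"] for e in events
                   if e["source"] == "Email-Gateway" and "Suspicious email" in e["msg"]]
    alerts = []
    for e in events:
        m = EXFIL_RE.search(e["msg"]) if e["source"] == "Endpoint" else None
        if not m:
            continue
        # Only phishing alerts that precede the transfer, and by no more than `window`
        prior = [t for t in phish_times if timedelta(0) <= e["ts"] - t <= window]
        if prior:
            alerts.append({"dst_ip": m.group(1), "exfil_at": e["ts"], "phish_at": max(prior)})
    return alerts

# Constructed sample in the post's log format (addresses are RFC 5737 test ranges)
SAMPLE_LOGS = [
    "Jul 18 2025 07:33:21 [Email-Gateway] Suspicious email from billing@example.net",
    "Jul 18 2025 07:34:10 [Endpoint] Data exfiltration to 203.0.113.10",
    "Jul 18 2025 09:15:02 [Endpoint] Data exfiltration to 198.51.100.7",   # no recent phish alert
    "Jul 18 2025 09:40:00 [Email-Gateway] Suspicious email from hr@example.org",  # after, not before
    "not a log line",                                                           # ignored
]

if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print(f"ALERT: {a['dst_ip']} at {a['exfil_at']} (phish alert {a['phish_at']})")
```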

Takeaway for CISOs

Healthcare organizations are prime targets for data breaches. CISOs must invest in phishing defenses and data loss prevention.

How FireCompass Can Help: FireCompass Agentic AI Platform simulates phishing attacks and monitors for data exfiltration.

Start your free trial today: www.firecompass.com/trial.


Priyanka Aash

Priyanka Aash is credited with building global communities for cybersecurity leaders and shaping enterprise marketing strategies for over a decade. She has been nominated for the Cybersecurity Excellence Award for her leadership & AI innovations in cybersecurity and honored with the NetApp Excellerate HER award. She is also the author of “The AI Divide,” which explores how artificial intelligence is quietly rewiring human minds and influencing decisions. Earlier, she co-founded CISO Platform, the world’s first online platform for collaboration and knowledge sharing among senior information security executives. Through this, she worked with the marketing teams of IBM, VMware, F5 Networks, Barracuda Networks, Check Point, and others, driving inbound marketing and enterprise growth. Priyanka is passionate about entrepreneurship, enterprise marketing strategy, and building communities that empower CISOs worldwide.