Lowey Dannenberg, P.C. (“Lowey”) is investing claims against Northeast Radiology and its parent company, Alliance HealthCare, Inc., arising from a data breach that may have compromised hundreds of thousands (if not millions) of persons’ medical records. To learn more, or discuss the issues surrounding the investigation, please contact investigations@lowey.com or call 914-997-0500 for more information.

Lowey attorneys initiated an action against Northeast Radiology and Alliance Healthcare on behalf of Plaintiff Bryan Cohen in February 2020 after independent cybersecurity researchers from Greenbone Networks announced in a report that they had uncovered major flaws in Northeast Radiology’s and Alliance HealthCare’s systems. According to Greenbone, researchers were able to access more than 61 million radiological images—e.g., CT scans, MRIs, X-Rays—for approximately 1.2 million patents whose data was stored on Northeast Radiology and Alliance Healthcare’s servers. These files included highly sensitive personally identifiable health information (PHI), including medical test results, diagnoses, and procedure descriptions, in addition to the patients’ names, social security numbers, dates of birth and addresses.

Northeast Radiology issued a press release on March 11, 2020 that confirmed Greenbone’s findings, admitting that “[o]n January 11, 2020, Alliance HealthCare Services notified Northeast Radiology that unauthorized individuals gained access to Northeast Radiology’s picture archiving and communication system (‘PACS’).” The March 11 Press Release further revealed that Northeast Radiology and Alliance HealthCare conducted an internal investigation, which found that at least “29 patients’ information was accessed” during the breach. However, Northeast Radiology and Alliance Healthcare admitted that they were unable to determine how many of the “[o]ther patients’ information . . . also available on the system” was compromised.

The March 11 Press Release also stated that Northeast Radiology and Alliance HealthCare were sending breach notification letters to potentially impacted individuals. The Breach Notification disclosed that “unauthorized individuals” had accessed Northeast Radiology’s and Alliance HealthCare’s systems for at least nine months between April 14, 2019 and January 7, 2020.

On January 28, 2021, Judge Vincent L. Briccetti of the U.S. District Court for the Southern District of New York granted-in-part and denied-in-part Northeast Radiology and Alliance Healthcare Services, Inc.’s motion to dismiss Plaintiff Cohen’s negligence, breach of contract, and N.Y. General Business Law Section 349 claims.

The case is Cohen v. Northeast Radiology, P.C., No. 20-cv-1202 (VB)(S.D.N.Y.)