Radiology Associates of Richmond Discloses Data Breach Affecting ~266K
Radiology Associates of Richmond (RAR) notified individuals starting May 21, 2026, after determining that protected health information in files was accessed without authorization during an incident discovered earlier in 2026. The investigation concluded around April 6, 2026. Notifications were issued out of caution despite no evidence of misuse.
Radiology Associates of Richmond disclosed on May 21, 2026 that an unauthorized party accessed protected health information and personal data belonging to approximately 266,000 individuals. The medical imaging provider began issuing notifications after concluding its investigation on April 6, 2026. The breach occurred earlier in the year, though the precise intrusion window has not been publicly detailed.
Public reporting indicates the exposed information included protected health information such as names, addresses, dates of birth, Social Security numbers in some cases, and clinical records tied to radiology services. RAR stated that it found no evidence of actual misuse of the data and described the notifications as a precautionary measure. Industry research from sources such as DoxxScan™ continuous monitoring indicates that healthcare organizations remain frequent targets because medical records contain long-term personally identifiable information that retains value on underground markets for years after initial exposure.
For executives and high-net-worth families, the incident underscores a persistent risk: healthcare providers often hold not only clinical data but also the same contact and financial details used across banking, investment, insurance, and estate-planning relationships. A single breach can therefore supply adversaries with the seed information needed to impersonate family members, file fraudulent tax returns, or initiate unauthorized wire transfers. When the affected individuals include children or dependents whose records are linked to a parent’s address or policy, the exposure can persist undetected for months.
The doxxing and identity-chain implications extend beyond the initial records. Once personal details from a healthcare breach surface on dark-web forums, threat actors frequently combine them with credentials from earlier leaks, gaming-platform handles, or social-media accounts. This creates cascading exposure: an email address tied to a child’s Roblox or Fortnite account can be tested against the parent’s reused password, leading to account takeover, location disclosure, and further targeting of family members. Available reporting describes how such identity chains accelerate doxxing campaigns against prominent or affluent households.
What to do
- Run a DoxxScan to map every link between your handles, emails, phone numbers, and real-world identity, using the 72hr free trial of Warden.
- Enable continuous DoxxScan monitoring across 15B+ breach records and 100+ platforms so the next exposure is identified and addressed within hours rather than months.
- Immediately rotate any password used at Radiology Associates of Richmond or affiliated patient portals wherever it has been reused, and enforce 2FA through an authenticator app rather than SMS.
- Cover the entire household with DoxxScan family coverage, which extends to dependents and children’s gaming accounts that often chain back to the same residential address or parent email.
- For executives and family offices, layer on hands-on remediation specialists who can execute targeted takedown requests across data brokers and underground marketplaces.
Healthcare breaches of this scale demonstrate that reactive notification months after discovery is no longer sufficient protection. Organizations and families alike require proactive visibility into how their data moves across the digital ecosystem. DoxxScan by GalaxyWarden delivers that visibility through continuous monitoring across 15B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and household coverage that explicitly includes children’s gaming accounts where credential leaks routinely cascade into account takeovers and doxxing chains.
Related breaches
Crunchbase Massive Personal Records Leak — January 2026
ShinyHunters exfiltrated approximately 2 million records from the business-intelligence platform Cru…
Navia Benefits Administration Breach — March 2026
2.7 million individuals had names, SSNs, DOBs, contact information, and benefits administration data…
Brightspeed Fiber Broadband Incident — January 2026
Crimson Collective ransomware group allegedly stole personal data of over 1 million Brightspeed cust…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →