Lexington Diagnostic Data Breach Impacts 29,819 People

Lexington Diagnostic Center recently experienced a significant data breach that impacted the personal information of 29,819 individuals in the United States. The breach occurred when an unauthorized party gained access to one employee's email account and individual data drive on October 4, 2023. This unauthorized access exposed sensitive billing-related documents containing personal information.

After a thorough forensic investigation, it was determined on January 18, 2024, that the compromised files included a variety of sensitive data.

The types of consumer information exposed varied by individual and included:

• Full names
• Dates of birth
• Medical record numbers
• Health insurance identification numbers
• Patient charge descriptor information
• Billing codes

For a limited number of individuals, Social Security numbers were also potentially exposed. While there is no evidence that this information has been misused, the unauthorized access raises concerns about potential identity theft and fraud.

The breach was reported to the U.S. Department of Health and Human Services on December 24, 2024. More details about this disclosure can be found on the HHS Breach Portal and the company's public notice(33203913.1).pdf).

Lexington Diagnostic Center's response

Upon detecting the unauthorized activity, Lexington Diagnostic Center took immediate steps to contain the breach and launched a comprehensive investigation with the assistance of leading cybersecurity experts. The investigation revealed the scope of the breach and identified the specific files that were accessed.

As part of its response, the company began notifying affected individuals on February 12, 2024. Those whose Social Security numbers were potentially exposed were offered complimentary credit monitoring services. Additionally, Lexington Diagnostic Center provided all affected individuals with best practices to protect their information and established a dedicated toll-free response line at (888) 324-1157 for questions and support.

The company has also stated that it is continually evaluating and enhancing its security measures to prevent similar incidents in the future.

Steps to take if you are affected by the data breach

If you have been notified that your information was part of this breach, it is important to take the following steps to protect yourself:

1. Monitor your credit reports: Obtain free credit reports from the three major credit bureaus—Equifax, Experian, and TransUnion—through AnnualCreditReport.com. Review these reports for any unauthorized accounts or inquiries.
2. Place a fraud alert on your credit file: Contact one of the major credit bureaus to request a fraud alert. This will prompt creditors to verify your identity before opening new accounts in your name. You can find more information on fraud alerts through Equifax, Experian, and TransUnion.
3. Consider a security freeze: If you are particularly concerned about identity theft, you can place a security freeze on your credit file. This will prevent credit reporting agencies from releasing your credit report without your authorization. Learn more about security freezes through Equifax, Experian, and TransUnion.
4. Monitor your medical records: Review your health insurance statements and explanation of benefits (EOB) documents for any unfamiliar charges or services. Contact your insurance provider or healthcare provider if you notice discrepancies.
5. Utilize credit monitoring services: If you were offered complimentary credit monitoring, take advantage of this service to detect any suspicious activity on your credit file.
6. Stay vigilant: Regularly check your financial accounts, medical records, and other sensitive information for signs of misuse. Report any suspicious activity immediately to the appropriate institutions.