Expert MRI Data Breach 2025: 209,560 Affected by PEAR Ransomware Attack on California Imaging Provider
Expert MRI, a California diagnostic imaging provider with 15 locations, disclosed a PEAR ransomware attack that exposed protected health information for 209,560 patients. Unauthorized access ran June 2 to August 24, 2025; the group posted 617 GB of stolen data to its dark-web leak site on September 6, 2025.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Jun 2, 2025
Unauthorized access to Expert MRI's computer network begins, per the company's substitute notice.
Aug 24, 2025
Unauthorized access ends; the company later determined files were copied from the network during this window.
Sep 2, 2025
Expert MRI discovers the incident and engages a third-party forensic firm.
Sep 6, 2025
PEAR ransomware group adds Expert MRI to its dark-web leak site and claims to have stolen 617 GB of data.
Sep 12, 2025
Strauss Borrelli PLLC announces a data-security investigation into Expert MRI.
Oct 31, 2025
Expert MRI files HIPAA breach notification with HHS OCR reporting 209,560 affected individuals.
Mar 23, 2026
Expert MRI files a sample notice with the California Attorney General's data-breach registry.
Apr 1, 2026
Walker v. Expert MRI PC class action filed in Los Angeles County Superior Court (case 571783).
Jun 2, 2025
Unauthorized access to Expert MRI's computer network begins, per the company's substitute notice.
Aug 24, 2025
Unauthorized access ends; the company later determined files were copied from the network during this window.
Sep 2, 2025
Expert MRI discovers the incident and engages a third-party forensic firm.
Sep 6, 2025
PEAR ransomware group adds Expert MRI to its dark-web leak site and claims to have stolen 617 GB of data.
Sep 12, 2025
Strauss Borrelli PLLC announces a data-security investigation into Expert MRI.
Oct 31, 2025
Expert MRI files HIPAA breach notification with HHS OCR reporting 209,560 affected individuals.
Mar 23, 2026
Expert MRI files a sample notice with the California Attorney General's data-breach registry.
Apr 1, 2026
Walker v. Expert MRI PC class action filed in Los Angeles County Superior Court (case 571783).
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Expert MRI, a Bellflower, California-based diagnostic imaging provider operating 15 outpatient MRI centers across the state, disclosed a network intrusion that exposed protected health information for 209,560 patients. According to the company’s substitute notice, an unauthorized actor maintained access to Expert MRI’s computer network from June 2, 2025 through August 24, 2025, and copied files containing patient information. The PEAR ransomware group claimed responsibility and posted Expert MRI to its dark-web leak site on September 6, 2025, asserting it had stolen 617 GB of data. Expert MRI filed the breach with the HHS Office for Civil Rights on October 31, 2025, with the California Attorney General on March 23, 2026, and subsequently filed notifications with the attorneys general of at least 13 additional states: Iowa, Maine, Massachusetts, Montana, Nebraska, New Hampshire, Oregon, Rhode Island, South Carolina, Texas, Vermont, Washington, and others. The multi-state filing confirms that the breach affected patients spread across Expert MRI’s referral network nationwide, not limited to California residents.
A dark-web indexing site, databreach.com, catalogued 442,753 rows from the Expert MRI leak as of March 7, 2026 — a figure higher than the 209,560 individuals reported to HHS OCR. The discrepancy may reflect non-unique records, duplicate rows, or data for individuals who fall outside HIPAA’s notification thresholds. HHS OCR’s count remains the authoritative figure for individuals formally notified.
Timeline
- June 2, 2025 — Unauthorized access to Expert MRI’s network begins, per the company’s substitute notice.
- August 24, 2025 — Unauthorized access ends. Forensic review later determines files were copied during this period.
- September 2, 2025 — Expert MRI discovers the incident and retains third-party cybersecurity counsel and a forensic firm.
- September 6, 2025 — The PEAR ransomware group adds Expert MRI to its leak site and claims 617 GB of exfiltrated data. The listing was later removed, which industry observers commonly interpret as a sign of ransom payment.
- September 12, 2025 — Strauss Borrelli PLLC publicly announces a data-security investigation into the company.
- October 31, 2025 — Expert MRI submits its HIPAA breach notification to HHS OCR, reporting 209,560 individuals affected by a Hacking/IT Incident at a network server.
- March 23, 2026 — Expert MRI files a sample notice with the California Attorney General’s data-breach registry.
- April 1, 2026 — Walker v. Expert MRI PC is filed in Los Angeles County Superior Court (case 571783).
What was exposed
Forensic investigation confirmed that copied files contained:
- Full name
- Address
- Date of birth
- Admission date
- Diagnosis information
- Treatment information
For a subset of individuals, the exposed data also included Social Security numbers and driver’s license or state identification numbers. Expert MRI’s substitute notice does not specify the size of that subset, and the company has not stated whether financial-account or payment-card data was involved.
What Expert MRI is offering
Expert MRI is offering affected individuals complimentary credit monitoring and identity-restoration services through Epiq’s Privacy Solutions ID program, which includes one-bureau credit monitoring with alerts, dark-web monitoring, credit-protection, change-of-address monitoring, and access to identity-restoration specialists. The coverage length is either 12 or 24 months depending on the notification received; your mailed letter includes a unique activation code and enrollment deadline.
To activate: visit privacysolutionsid.com, click “Activate Account,” and enter the activation code from your letter. Enrollment is not automatic. For help activating the Epiq service specifically, call 866-675-2006 (Monday through Friday, 9 a.m. to 5:30 p.m. Eastern Time).
The company has also stood up a dedicated general assistance line at 855-720-3740 (Monday through Friday, 8 a.m. to 8 p.m. Central Time, excluding U.S. holidays). General correspondence may be sent to Expert MRI’s corporate office at 9500 Artesia Boulevard, Bellflower, CA 90706.
Class-action posture
At least two plaintiff firms publicly opened investigations within days of the leak-site post: Strauss Borrelli PLLC (announced September 12, 2025) and Potter Handy, LLP, which is recruiting California residents specifically. A putative class action, Walker v. Expert MRI PC, was filed in Los Angeles County Superior Court under case number 571783. Additional complaints from other firms are expected as notification letters reach patients across Expert MRI’s 15 imaging centers.
California plaintiffs may have claims under both HIPAA and the California Confidentiality of Medical Information Act (CMIA). On May 14, 2026, the California Supreme Court issued a plaintiff-friendly ruling in J.M. v. Illuminate Education, Inc. that adopted a “significant risk” standard for pleading a CMIA §56.101 violation, lowering the bar for class certification against healthcare providers that experienced a targeted ransomware intrusion. This development is expected to increase litigation pressure on California imaging providers involved in breach incidents.
What to do
If you received a notification letter from Expert MRI, or you have been a patient at any Expert MRI location since 2024:
- Enroll in the Epiq Privacy Solutions ID monitoring offered in your letter. Visit privacysolutionsid.com, click “Activate Account,” and enter the unique activation code from your letter before the enrollment deadline. For enrollment help, call 866-675-2006.
- Freeze your credit at all three bureaus: Equifax, Experian, and TransUnion. Freezes are free, take roughly ten minutes per bureau, and block new-account fraud even if your SSN was exposed.
- File IRS Form 14039 if your Social Security number was among the data confirmed exposed. This places an identity-theft flag on your tax account and routes your return through manual review.
- Watch your medical Explanation of Benefits statements for procedures or providers you do not recognize. Medical-identity theft often surfaces months after the underlying breach.
- Place a one-year fraud alert with one of the three bureaus if you prefer not to freeze. The bureau you contact is required to notify the other two.
- Keep the notification letter. Plaintiff firms generally require it as proof of class membership when class-action settlements are finalized. California residents should also review the California Confidentiality of Medical Information Act (CMIA), which provides additional private rights of action beyond HIPAA. See our California privacy guide for specifics.
- Stop the ongoing flow of your imaging and diagnostic data. HealthConsent files HIPAA restriction requests so the medical records exposed in this breach are not continuously re-shared across insurance networks, provider portals, and data-broker pipelines. File a restriction request through HealthConsent.
Sources
- Expert MRI — Notice of Cyber Security Event — the entity’s own substitute notice describing the access window and the data elements involved.
- HHS Office for Civil Rights Breach Portal — the federal regulatory record listing 209,560 affected.
- California Attorney General — Expert MRI Notice of Data Breach (PDF) — sample notice letter filed with the CA AG; confirms Epiq enrollment URL, Epiq support line, and coverage length.
- HIPAA Journal — Expert MRI breach coverage — independent trade-press confirmation of the access window, PEAR attribution, and data elements.
- ClaimDepot — Expert MRI Data Breach — aggregator confirming the 209,560 count, discovery date, multi-state AG filings, and call center details.
- Strauss Borrelli PLLC — investigation announcement — confirms PEAR leak-site listing and 617 GB claim.
- Potter Handy, LLP — class action recruitment page — confirms California focus and the August 14–24 file-copying window.
- Law.com Radar — Walker v. Expert MRI PC — Los Angeles County Superior Court class-action filing.
- California Attorney General — data-breach registry — state-level disclosure record.
- DataBreach.com — Expert MRI breach listing — dark-web index showing 442,753 rows catalogued from the PEAR leak as of March 7, 2026.
- Nixon Peabody — CMIA Data Breach Standard Clarified by California Supreme Court — legal analysis of the May 14, 2026 ruling in J.M. v. Illuminate Education, Inc., which lowers the bar for CMIA class actions against California healthcare providers.
Continue reading
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- Expert MRI — Notice of Cyber Security Event
- HHS Office for Civil Rights Breach Portal
- California Attorney General — Expert MRI Notice of Data Breach (PDF)
- HIPAA Journal — Data Breaches Announced by Expert MRI; McElroy & Associates
- ClaimDepot — Expert MRI Data Breach Exposes 209,560 Patients' Records
- Strauss Borrelli PLLC — Expert MRI Data Security Investigation
- Potter Handy, LLP — Expert MRI Data Breach Lawsuit
- Law.com Radar — Walker v. Expert MRI PC (LA County Superior Court)
- California Attorney General — Search Data Security Breaches
- DataBreach.com — Expert MRI Breach (442,753 rows indexed)
- Nixon Peabody — CMIA Data Breach Standard Clarified by California Supreme Court (May 2026)
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.