Active breach tracker North Miami Beach, Florida Disclosed February 28, 2025

Total Medical Imaging Data Breach 2025: 27,000 Affected · Hacking/IT Incident · Florida Teleradiology Business Associate. What To Do.

Total Medical Imaging LLC, a North Miami Beach, Florida teleradiology services provider, filed a HIPAA breach notification with HHS OCR on February 28, 2025, reporting 27,000 affected individuals after a Hacking/IT Incident at Network Server. The HIPAA Journal and calHIPAA February 2025 monthly reports characterize the event as a hacking incident involving a business associate; the entity's individual notification letter is the primary document for affected patients.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Feb 28, 2025

Breach reported to HHS Office for Civil Rights (Hacking/IT Incident, Network Server, 27,000 affected)

Mar 15, 2025

Plaintiff-firm investigation opens (Shamis & Gentile P.A. via ClaimDepot)

Data exposed

02

Health records

Don't expire and can't be reissued

Personally identifiable information (specific elements not enumerated in publicly available summaries)

03

Contact & insurance

Phishing + targeted scams

Names Protected health information associated with teleradiology interpretations
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

Total Medical Imaging LLC, a North Miami Beach, Florida teleradiology services provider that delivers remote interpretation of CT, MRI, ultrasound, and X-ray studies to hospitals, clinics, and outpatient imaging centers, filed a HIPAA breach notification with the U.S. Department of Health and Human Services Office for Civil Rights on February 28, 2025, reporting 27,000 affected individuals. The federal regulatory record classifies the event as a Hacking/IT Incident at Network Server. Two independent monthly tracking reports — HIPAA Journal’s February 2025 Healthcare Data Breach Report and calHIPAA’s February 2025 summary — characterize the matter as a hacking incident involving a business associate, meaning a vendor relationship triggered the breach reporting rather than a direct attack on a downstream covered entity’s own infrastructure.

No threat-actor group has publicly claimed responsibility through the sources reviewed here, and Total Medical Imaging has not publicly characterized the attack as ransomware. As of this update, no leak-site posting has been independently confirmed for this incident.

Timeline

  • February 28, 2025 — HHS OCR filing. Total Medical Imaging reports the incident to the federal regulator. The portal entry records 27,000 affected, “Hacking/IT Incident,” location of breached PHI “Network Server,” covered entity type “Healthcare Provider,” and a business associate present.
  • March 15, 2025 — Plaintiff-firm investigation opens. Shamis & Gentile P.A. publicly opens a class-action investigation, indexed through ClaimDepot’s consumer-facing investigation page.
  • May 21, 2025 — Investigation page updated. ClaimDepot’s investigation page is refreshed; no consolidated complaint is identified in the public record at that time.

The gap between the underlying incident date and the February 28, 2025 filing is not specified in the public summaries reviewed. HIPAA Journal’s report notes only that the breach was reported in February 2025 and treats the filing date as the operative public date.

What was exposed

Public summaries describe the breach in terms of category rather than data-element inventory. The OCR portal entry records “Network Server” as the location of breached PHI, which is the standard classification for hacking incidents in which an attacker accessed a server hosting patient records. ClaimDepot’s investigation page describes “sensitive personally identifiable information” as having been compromised.

Because Total Medical Imaging is a teleradiology business associate, the records on its network would typically include:

  • Patient names and contact information
  • Dates of birth
  • Referring-physician and imaging-facility identifiers
  • Imaging study type and clinical indication
  • Radiology reports and interpretations
  • Insurance and billing identifiers, where TMI handled claims data on behalf of a customer

Affected individuals should treat their individual notification letter as authoritative. The letter, not the OCR portal entry, will list the specific data elements exposed for your record, which downstream covered entities (hospitals and imaging centers contracting with TMI) sent the breach notice, and any complimentary monitoring offered.

What the entity is offering

Public reporting reviewed here does not describe a complimentary credit-monitoring or identity-protection product associated with this incident. If one exists, it would be detailed in the individual notification letter mailed by Total Medical Imaging or by the downstream covered entity whose patients were affected. The letter is the document to read carefully when it arrives — it will identify the enrollment portal, the product name, and the deadline to enroll.

Class-action posture

This matter is in the early plaintiff-firm investigation stage. Shamis & Gentile P.A., a Miami-based plaintiffs’ firm, publicly opened a Total Medical Imaging data-breach investigation (indexed via ClaimDepot in March 2025). As of the last update to this page, no consolidated class-action complaint has been publicly identified in the U.S. District Court for the Southern District of Florida (which covers Miami-Dade County) or in Florida state court through the sources reviewed here. The matter remains OCR-open for federal regulatory purposes.

What to do if you may be affected

  • Freeze your credit with Equifax, Experian, and TransUnion. It is free, takes about ten minutes per bureau, and is the single highest-leverage step against identity theft.
  • Read the notification letter carefully when it arrives. Because TMI is a teleradiology business associate, your notification may come from the hospital or imaging facility that referred your study rather than from TMI directly. The letter will list the specific data elements exposed for your record.
  • Watch for medical identity theft. Review explanation-of-benefits statements from your health plan for imaging studies or interpretations you did not receive. Radiology billing fraud is a known monetization path when imaging-vendor data is exfiltrated.
  • Preserve your notification letter. If a class action is filed and certified, the letter is evidence of class membership.
  • Bookmark this page. We update it as the individual notification letter, state-AG filings, established trade-press coverage, or court filings become public.

Sources

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.