Total Medical Imaging Data Breach 2025: 27,000 Affected · Hacking/IT Incident · Florida Teleradiology Business Associate. What To Do.
Total Medical Imaging LLC, a North Miami Beach, Florida teleradiology services provider, filed a HIPAA breach notification with HHS OCR on February 28, 2025, reporting 27,000 affected individuals after a Hacking/IT Incident at Network Server. The HIPAA Journal and calHIPAA February 2025 monthly reports characterize the event as a hacking incident involving a business associate; the entity's individual notification letter is the primary document for affected patients.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Feb 28, 2025
Breach reported to HHS Office for Civil Rights (Hacking/IT Incident, Network Server, 27,000 affected)
Mar 15, 2025
Plaintiff-firm investigation opens (Shamis & Gentile P.A. via ClaimDepot)
Feb 28, 2025
Breach reported to HHS Office for Civil Rights (Hacking/IT Incident, Network Server, 27,000 affected)
Mar 15, 2025
Plaintiff-firm investigation opens (Shamis & Gentile P.A. via ClaimDepot)
Data exposed
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Total Medical Imaging LLC, a North Miami Beach, Florida teleradiology services provider that delivers remote interpretation of CT, MRI, ultrasound, and X-ray studies to hospitals, clinics, and outpatient imaging centers, filed a HIPAA breach notification with the U.S. Department of Health and Human Services Office for Civil Rights on February 28, 2025, reporting 27,000 affected individuals. The federal regulatory record classifies the event as a Hacking/IT Incident at Network Server. Two independent monthly tracking reports — HIPAA Journal’s February 2025 Healthcare Data Breach Report and calHIPAA’s February 2025 summary — characterize the matter as a hacking incident involving a business associate, meaning a vendor relationship triggered the breach reporting rather than a direct attack on a downstream covered entity’s own infrastructure.
No threat-actor group has publicly claimed responsibility through the sources reviewed here, and Total Medical Imaging has not publicly characterized the attack as ransomware. As of this update, no leak-site posting has been independently confirmed for this incident.
Timeline
- February 28, 2025 — HHS OCR filing. Total Medical Imaging reports the incident to the federal regulator. The portal entry records 27,000 affected, “Hacking/IT Incident,” location of breached PHI “Network Server,” covered entity type “Healthcare Provider,” and a business associate present.
- March 15, 2025 — Plaintiff-firm investigation opens. Shamis & Gentile P.A. publicly opens a class-action investigation, indexed through ClaimDepot’s consumer-facing investigation page.
- May 21, 2025 — Investigation page updated. ClaimDepot’s investigation page is refreshed; no consolidated complaint is identified in the public record at that time.
The gap between the underlying incident date and the February 28, 2025 filing is not specified in the public summaries reviewed. HIPAA Journal’s report notes only that the breach was reported in February 2025 and treats the filing date as the operative public date.
What was exposed
Public summaries describe the breach in terms of category rather than data-element inventory. The OCR portal entry records “Network Server” as the location of breached PHI, which is the standard classification for hacking incidents in which an attacker accessed a server hosting patient records. ClaimDepot’s investigation page describes “sensitive personally identifiable information” as having been compromised.
Because Total Medical Imaging is a teleradiology business associate, the records on its network would typically include:
- Patient names and contact information
- Dates of birth
- Referring-physician and imaging-facility identifiers
- Imaging study type and clinical indication
- Radiology reports and interpretations
- Insurance and billing identifiers, where TMI handled claims data on behalf of a customer
Affected individuals should treat their individual notification letter as authoritative. The letter, not the OCR portal entry, will list the specific data elements exposed for your record, which downstream covered entities (hospitals and imaging centers contracting with TMI) sent the breach notice, and any complimentary monitoring offered.
What the entity is offering
Public reporting reviewed here does not describe a complimentary credit-monitoring or identity-protection product associated with this incident. If one exists, it would be detailed in the individual notification letter mailed by Total Medical Imaging or by the downstream covered entity whose patients were affected. The letter is the document to read carefully when it arrives — it will identify the enrollment portal, the product name, and the deadline to enroll.
Class-action posture
This matter is in the early plaintiff-firm investigation stage. Shamis & Gentile P.A., a Miami-based plaintiffs’ firm, publicly opened a Total Medical Imaging data-breach investigation (indexed via ClaimDepot in March 2025). As of the last update to this page, no consolidated class-action complaint has been publicly identified in the U.S. District Court for the Southern District of Florida (which covers Miami-Dade County) or in Florida state court through the sources reviewed here. The matter remains OCR-open for federal regulatory purposes.
What to do if you may be affected
- Freeze your credit with Equifax, Experian, and TransUnion. It is free, takes about ten minutes per bureau, and is the single highest-leverage step against identity theft.
- Read the notification letter carefully when it arrives. Because TMI is a teleradiology business associate, your notification may come from the hospital or imaging facility that referred your study rather than from TMI directly. The letter will list the specific data elements exposed for your record.
- Watch for medical identity theft. Review explanation-of-benefits statements from your health plan for imaging studies or interpretations you did not receive. Radiology billing fraud is a known monetization path when imaging-vendor data is exfiltrated.
- Preserve your notification letter. If a class action is filed and certified, the letter is evidence of class membership.
- Bookmark this page. We update it as the individual notification letter, state-AG filings, established trade-press coverage, or court filings become public.
Sources
- HHS Office for Civil Rights Breach Portal — the federal regulatory record of this breach (27,000 affected, Hacking/IT Incident, Network Server, Healthcare Provider, business associate present, filed February 28, 2025).
- HIPAA Journal — February 2025 Healthcare Data Breach Report — confirms 27,000 affected count, classifies the event as a hacking incident at a business associate, and ranks the matter among February 2025’s larger filings.
- calHIPAA — Healthcare Data Breach Report for February 2025 — independent monthly tracking source confirming affected count and hacking-incident classification.
- ClaimDepot — Total Medical Imaging Data Breach Investigation — plaintiff-firm investigation page (Shamis & Gentile P.A.); confirms North Miami Beach, Florida location and the entity’s teleradiology business profile.
- Total Medical Imaging LLC — Company Website — entity’s public-facing description of its teleradiology services to hospitals, clinics, outpatient imaging centers, and IDTFs.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- HIPAA Journal — February 2025 Healthcare Data Breach Report
- calHIPAA — Healthcare Data Breach Report for February 2025
- ClaimDepot — Total Medical Imaging Data Breach Investigation
- Total Medical Imaging LLC — Company Website
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.