Active breach tracker Miami, Florida Disclosed August 21, 2025

Vital Imaging Medical Diagnostic Centers Data Breach (Florida, 2025): 260,000 Patients, SSNs and Diagnostic Results Exfiltrated, Class Action Filed and Multiple Investigations Open

Vital Imaging Medical Diagnostic Centers, LLC — a Miami-based outpatient radiology group — reported a February 13, 2025 network intrusion to HHS OCR on August 21, 2025, disclosing that 260,000 patients had Social Security numbers, driver's license numbers, passport numbers, insurance information and diagnostic results exfiltrated. A class action lawsuit has been filed in Miami-Dade County and at least ten plaintiff firms have opened investigations.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Feb 13, 2025

Unauthorized activity detected on Vital Imaging network server; incident discovered the same day.

Feb 13, 2025

Breach detected

Aug 21, 2025

Breach reported to HHS Office for Civil Rights affecting 260,000 individuals (Hacking/IT Incident, Network Server).

Aug 21, 2025

Disclosed publicly

Aug 27, 2025

Plaintiff firms (Schubert Jonckheer & Kolbe, Strauss Borrelli, Wolf Haldenstein, Levi & Korsinsky, Federman & Sherwood) publicly announce class-action investigations.

Feb 19, 2026

Vital Imaging completes its review and confirms the categories of data exfiltrated.

Mar 30, 2026

Vital Imaging publishes substitute notice on vitalimg.com and begins mailing individual notification letters.

Apr 15, 2026

Vital Imaging issues formal Notice of Data Breach via PRNewswire; Massachusetts AG filing (2026-864) also confirmed.

May 1, 2026

Judith Garcia v. Vital Imaging Diagnostic Centers LLC filed in Miami-Dade Circuit Court — first confirmed class action complaint.

Data exposed

01

High-risk identity

Enables financial + identity theft

Date of birth Social Security number Driver's license number Passport number

02

Health records

Don't expire and can't be reissued

Diagnostic results (imaging-related medical information)

03

Contact & insurance

Phishing + targeted scams

Name and contact information Government or state identification number Health insurance information

Class actions filed by

These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.

Wolf Haldenstein Adler Freeman & Herz LLP Levi & Korsinsky, LLP Federman & Sherwood Schubert Jonckheer & Kolbe LLP Strauss Borrelli PLLC Markovits, Stock & DeMarco, LLC Barnow and Associates, P.C. Cory Watson Attorneys Lynch Carpenter LLP Srourian Law Firm (SLFLA)
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

Vital Imaging Medical Diagnostic Centers, LLC, a Miami-based outpatient radiology group operating eight diagnostic imaging and testing facilities in Miami-Dade County, confirmed in its Notice of Security Incident that on February 13, 2025, an unauthorized actor accessed its network and removed files. The matter was reported to the U.S. Department of Health and Human Services Office for Civil Rights on August 21, 2025, affecting 260,000 individuals.

In its own words, “certain files were removed from our network without our authorization.” Vital Imaging completed the document review on February 19, 2026 and began mailing notification letters by March 30, 2026 — more than a year after the intrusion. A formal Notice of Data Breach was issued via PRNewswire on April 15, 2026, and a corresponding filing was made with the Massachusetts Attorney General (filing 2026-864).

The intrusion occurred within weeks of a large-scale ransomware attack on SimonMed Imaging in Arizona (nearly 1.3 million patients, attributed to the Medusa cybercrime gang). BankInfoSecurity reported the two incidents together, noting the pattern of radiology sector targeting in early 2025. No attacker has been publicly attributed for the Vital Imaging intrusion.

Timeline

  • February 13, 2025 — Unauthorized activity is detected on the network server. The official notice records this as both the incident date and the discovery date.
  • August 21, 2025 — Vital Imaging reports the breach to HHS OCR as a Hacking/IT Incident at Network Server affecting 260,000 individuals.
  • August 27 to 29, 2025 — Plaintiff firms including Schubert Jonckheer & Kolbe, Strauss Borrelli, Wolf Haldenstein, Levi & Korsinsky, Federman & Sherwood, and Lynch Carpenter publicly announce class-action investigations.
  • February 19, 2026 — Vital Imaging completes its forensic review and finalizes the categories of personal information involved.
  • March 30, 2026 — Substitute notice is published on vitalimg.com and individual notification letters are mailed; Kroll is retained as the call-center and remediation vendor.
  • April 15, 2026 — Formal Notice of Data Breach issued via PRNewswire; Massachusetts AG filing (case 2026-864) confirmed.
  • 2026 (date confirmed via court docket) — Judith Garcia v. Vital Imaging Diagnostic Centers LLC filed in Miami-Dade Circuit Court, the first confirmed complaint to move past the investigation stage.

What was exposed

Per the company’s substitute notice, the categories of personal information involved vary by individual and may include:

  • Name and contact information
  • Date of birth
  • Social Security number
  • Driver’s license number
  • Passport number
  • Government or state identification number
  • Health insurance information
  • Diagnostic results

The combination of Social Security number, government identifiers, and diagnostic results places this breach in the high-severity tier: it pairs the identity-theft primitives needed for synthetic-identity fraud with sensitive medical context that has no expiration and no remediation path.

What Vital Imaging is offering

The notice directs affected individuals to a Kroll-operated call center for “fraud assistance and remediation services” and to enroll in Kroll Identity Monitoring at enroll.krollmonitoring.com:

  • Kroll phone: (844) 403-4506, Monday through Friday, 8:00 AM to 5:30 PM CT.
  • Mailing address: 7101 SW 99 Avenue, Suite 109, Miami, Florida 33173.

The substitute notice and the Massachusetts AG letter do not specify a credit-monitoring duration or a public enrollment deadline. Your individual notification letter will include a personal activation code and the deadline date. Enroll before the deadline printed on your letter.

Class-action posture

At least ten plaintiff firms have opened investigations, and at least one lawsuit has been filed. A class action complaint — Judith Garcia v. Vital Imaging Diagnostic Centers LLC — was filed in Miami-Dade Circuit Court. Investigating firms include:

  • Wolf Haldenstein Adler Freeman & Herz LLP
  • Levi & Korsinsky, LLP
  • Federman & Sherwood
  • Schubert Jonckheer & Kolbe LLP
  • Strauss Borrelli PLLC
  • Markovits, Stock & DeMarco, LLC
  • Barnow and Associates, P.C.
  • Cory Watson Attorneys
  • Lynch Carpenter LLP
  • Srourian Law Firm (SLFLA)

The thirteen-month gap between intrusion (February 13, 2025) and mailed notice (March 30, 2026) — well outside the HIPAA Breach Notification Rule’s 60-day window from discovery to notification — is the central liability theory in the public investigation announcements and the filed complaint.

What to do if you may be affected

  1. Enroll in Kroll Identity Monitoring at enroll.krollmonitoring.com using the activation code in your notification letter. Call (844) 403-4506, Monday through Friday, 8:00 AM to 5:30 PM CT, with questions about enrollment or eligibility.
  2. Freeze your credit at Equifax, Experian, and TransUnion. With SSN, driver’s license, and passport numbers in attacker hands, a credit freeze is the single highest-leverage step against new-account fraud.
  3. File IRS Form 14039 (Identity Theft Affidavit) if your Social Security number was confirmed exposed. This places a flag on your IRS account and routes your returns through a fraud-detection filter.
  4. Watch for the Vital Imaging notification letter. The exact data elements involved vary per person — only your letter lists what was exposed about you and the specific enrollment code for Kroll services.
  5. Request a new driver’s license / passport through the relevant agency if your letter confirms those identifiers were exposed. Keep copies of all replacement applications — plaintiff firms ask for them as proof of mitigation costs.
  6. Review insurance explanations of benefits (EOB). Diagnostic result data in attacker hands can enable fraudulent claims under your insurance policy. Report any charges you do not recognize to your insurer’s fraud line.
  7. Preserve your notice letter and envelope. A class action has been filed in Miami-Dade (Judith Garcia v. Vital Imaging Diagnostic Centers LLC) and at least ten firms are investigating — your letter and envelope establish standing.
  8. Stop the ongoing flow of your diagnostic imaging data. HealthConsent files HIPAA restriction requests so the radiology and diagnostic results exposed in this breach are not continuously re-shared across provider networks, clearinghouses, and health information exchanges.

Sources

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.