A New York radiology group, East River Medical Imaging PC, agreed to pay $1.85 million to settle a class action lawsuit following a cybersecurity incident that occurred between August and September 2023.
The data breach potentially affected more than 533,000 individuals, with leaked information including names, contact and insurance information, exam details, and Social Security numbers.
The lawsuit was filed in December 2023, and after nearly a year, the case is set to close with a court hearing slated for October 22 to grant final approval of the settlement. Plaintiff attorney Benjamin F. Johns estimated that about 20,000 individuals have filed claims seeking a share of the payout. The settlement allows class members to collect a maximum of $7,500 each.
https://radiologybusiness.com/topics/health-it/radiology-practice-must-pay-185m-settle-class-action-lawsuit-stemming-cyberattack
Commentary
According to the source, the radiology group was storing Social Security numbers (SSN) of patients. With today's cyber risks, healthcare organizations should seriously reconsider storing complete SSNs for several reasons:
- Collecting full SSNs increases the risk of data breaches, as seen in the case of East River Medical Imaging PC, where a cybersecurity incident exposed sensitive information, including SSNs, of over 533,000 individuals.
- Full SSNs are a prime target for identity thieves. If healthcare organizations only collect the last four digits, the risk of identity theft is significantly reduced.
- By limiting the collection of SSNs, healthcare organizations can better comply with data protection regulations and avoid legal repercussions. The settlement in the East River Medical Imaging case highlights the financial and reputational costs of failing to protect sensitive patient information.
- Reducing the amount of sensitive information collected can enhance patient trust. Patients are more likely to feel secure knowing that their full SSNs are not stored in the organization's database, reducing their vulnerability to identity theft.
If a healthcare organization must store full SSNs for reimbursement or compliance, it should seriously consider encrypting or siloing them, requiring multi-factor authentication before anyone can access a full Social Security number, and notifying security whenever Social Security numbers are accessed.
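To make the recommendation above concrete, here is an added example (not code from East River Medical Imaging or from the article) of how a patient-record system can keep only the last four digits in the clear, hold the full SSN in a separate encrypted vault, refuse to release it without an MFA-verified session, and write an audit event on every access so security can be alerted. The names `PatientRecord`, `SsnVault`, `enroll` and the sample patient are all constructed for this illustration; the HMAC-SHA256 counter-mode keystream and tag stand in for a real KMS-backed AEAD cipher.

```python
"""Added illustration of SSN data minimization, encryption, MFA gating and audit.

Assumptions (example code, not the radiology group's system):
- The application record keeps only the last four digits in the clear.
- The full SSN lives in a separate vault, encrypted and integrity-tagged.
  In production the key would live in a KMS/HSM and an AEAD cipher such as
  AES-GCM would be used; here HMAC-SHA256 stands in so the demo runs offline.
- Every read of a full SSN requires an MFA-verified session and appends an
  audit event that a security team can alert on.
"""
import hashlib
import hmac
import re
import secrets
from dataclasses import dataclass
from typing import Dict, List

_SSN_RE = re.compile(r"^\d{3}-?\d{2}-?\d{4}$")


def normalize_ssn(ssn: str) -> str:
    """Return the nine digits of an SSN, rejecting malformed input."""
    if not _SSN_RE.match(ssn):
        raise ValueError("malformed SSN")
    return ssn.replace("-", "")


def last_four(ssn: str) -> str:
    """The only SSN fragment the main patient record keeps."""
    return normalize_ssn(ssn)[-4:]


@dataclass
class PatientRecord:
    patient_id: str
    name: str
    ssn_last4: str        # clear text: enough for identity matching
    ssn_vault_ref: str    # opaque handle into the SsnVault, not the SSN


class MfaRequired(PermissionError):
    """Raised when a caller asks for a full SSN without a verified MFA session."""


class SsnVault:
    """Holds full SSNs encrypted; releases them only to MFA-verified callers."""

    def __init__(self, key: bytes, audit_log: List[Dict[str, str]]):
        if len(key) < 32:
            raise ValueError("vault key must be at least 256 bits")
        self._key = key                      # demo only: production keys stay in a KMS
        self._store: Dict[str, Dict[str, bytes]] = {}
        self.audit_log = audit_log

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # Stand-in for an AEAD cipher: HMAC-SHA256 run in counter mode.
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(self._key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def _tag(self, nonce: bytes, ct: bytes) -> bytes:
        # Integrity tag so a tampered vault row is detected before decryption.
        return hmac.new(self._key, b"tag" + nonce + ct, hashlib.sha256).digest()

    def put(self, ssn: str) -> str:
        digits = normalize_ssn(ssn).encode()
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(digits, self._keystream(nonce, len(digits))))
        ref = secrets.token_hex(8)
        self._store[ref] = {"nonce": nonce, "ct": ct, "tag": self._tag(nonce, ct)}
        return ref

    def get(self, ref: str, actor: str, mfa_verified: bool, purpose: str) -> str:
        if not mfa_verified:
            self.audit_log.append({"event": "ssn_access_denied", "actor": actor,
                                   "ref": ref, "purpose": purpose})
            raise MfaRequired("full SSN access requires a verified MFA session")
        rec = self._store[ref]
        if not hmac.compare_digest(rec["tag"], self._tag(rec["nonce"], rec["ct"])):
            raise ValueError("vault record failed integrity check")
        digits = bytes(a ^ b for a, b in zip(rec["ct"], self._keystream(rec["nonce"], len(rec["ct"]))))
        # Every successful disclosure is logged so security can be notified.
        self.audit_log.append({"event": "ssn_disclosed", "actor": actor,
                               "ref": ref, "purpose": purpose})
        return digits.decode()


def enroll(vault: SsnVault, patient_id: str, name: str, ssn: str) -> PatientRecord:
    """Build the application-facing record: last four in clear, the rest in the vault."""
    return PatientRecord(patient_id, name, last_four(ssn), vault.put(ssn))


if __name__ == "__main__":
    audit: List[Dict[str, str]] = []
    vault = SsnVault(secrets.token_bytes(32), audit)
    rec = enroll(vault, "P-1001", "Jane Example", "123-45-6789")  # constructed sample
    print(rec)  # the record carries only the last four digits and a vault handle
    print(vault.get(rec.ssn_vault_ref, "billing-clerk", True, "claim submission"))
    print(audit)
```

The point of the split is that a breach of the main patient database (names, contact details, exam data) no longer yields full SSNs, and the vault's audit log gives the security team a concrete signal to alert on when full SSNs are read in unusual volume or outside a reimbursement workflow.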
The final takeaway is that by not storing full SSNs, healthcare organizations can better protect patient information, comply with regulations, and maintain patient trust.