A large-scale cyber attack has compromised the private information of over 348,000 residents in Washington. The data breach took place between January 20 and January 25, targeting the computer systems of Mt. Baker Imaging and Northwest Radiologists. These companies provide diagnostic imaging services across six locations in Whatcom County.

Cyber Attack Hits Mt. Baker Imaging and Northwest Radiologists

Mt. Baker Imaging offers services such as MRIs, CT scans, X-rays, ultrasounds, and 3D mammograms. The imaging is interpreted by doctors at Northwest Radiologists.

During the cyber attack, hackers accessed personal details including names, home addresses, Social Security numbers, driver’s license numbers, military ID numbers, banking information, health insurance data, and confidential medical records.

Despite the breach occurring in January, the public remained unaware for nearly two months. The company briefly posted a notice on its website calling it a “computer network disruption” and said it was working with the FBI and private cybersecurity experts. That message has since been removed. Currently, there is no mention of the data breach on Mt. Baker Imaging’s website.

Company Delayed Reporting Despite State Rules

According to Washington State law, companies must notify the Attorney General within 30 days of discovering a data breach that affects more than 500 people. However, in this case, the Attorney General’s Office was notified only in July—nearly six months after the incident.

🔓 Australia’s political inboxes hacked — years of classified documents now in hacker hands

The law allows for an extension if the disclosure might interfere with an ongoing investigation, though no specific reason has been given for the delay.

Mt. Baker Imaging and Northwest Radiologists have said there is no proof that any of the stolen information has been misused. Still, this explanation hasn’t stopped legal consequences from unfolding.

A class action lawsuit has been filed in Whatcom County Superior Court. The lawsuit claims that the companies were negligent and failed to provide adequate security protections. It also says that their data systems were so poorly protected that hackers were able to steal highly sensitive patient information without much resistance.

The complaint accuses the medical providers of breaking both state and federal laws. It adds that patients may face ongoing harm from the breach, including financial loss, time spent managing the situation, stress, and emotional distress.

Cybersecurity Fears Grow as More Healthcare Providers Targeted

This data breach is not an isolated incident. Earlier this year, another cyber attack affected DaVita, a national dialysis care provider with centers in Bellingham, Ferndale, and Burlington. That breach impacted about 13,400 Washington residents. The attack was also reported to the Attorney General’s Office.

🧰 CISA Confirms: Microsoft Vulnerability Enables Remote Hijacking of Internal Networks

With the rise of cyber attacks on healthcare providers, more patient data is being put at risk. When medical and financial information is stolen, the consequences can be devastating and long-lasting. Victims of such attacks may have to deal with issues like identity theft, bank fraud, and emotional damage for years.

The growing number of healthcare-related cyber breaches has raised concerns among patients, lawmakers, and cybersecurity experts. Yet, companies continue to struggle with securing private data against evolving threats.