In August 2025, Vital Imaging Medical Diagnostic Centers, LLC, a Florida-based healthcare provider, reported a significant data breach affecting about 260,000 patients. The incident was classified as a hacking and IT intrusion, where unauthorized actors accessed a network server that stored patient information.
According to an official announcement on their website, the matter is now under investigation. For patients, this raises concerns about identity theft, fraud, and the potential loss of personal health information privacy.
At Cory Watson Attorneys, we understand the stress that a healthcare data breach can cause. Our attorneys have decades of experience in complex litigation and consumer protection, securing over $4 billion for our clients. This article explains what happened, what data may be at risk, and steps you can take to protect yourself and consider legal action.
Key Takeaways
- The Vital Imaging data breach affected about 260,000 patients in Florida.
- It was a hacking/IT incident targeting a network server.
- The issue was identified on February 13, 2025, but was not reported until August 21, 2025.
- Data at risk includes names, dates of birth, contact details, and medical or insurance records.
- A substitute notice was issued on August 22, 2025.
- The breach is listed as “under investigation” by OCR.
- Florida’s FIPA law imposes additional state-level reporting requirements.
- Legal guidance can help victims seek compensation for privacy violations and related losses.
What Happened at Vital Imaging
Vital Imaging Medical Diagnostic Centers identified suspicious activity on its network server on February 13, 2025. Despite this early discovery, the breach was not reported to the U.S. Department of Health and Human Services (HHS) until August 21, 2025. The following day, a substitute notice was posted to inform patients who might not have received a direct letter or email.
According to the HIPAA Times, the server intrusion may have exposed sensitive records for thousands of patients. The delay between discovery and reporting highlights the challenges of investigating cyber incidents but also raises concerns about patient protection during the interim.
The HHS OCR portal confirms that the case is “under investigation,” signaling possible regulatory action and the seriousness of the event.
Who Is Impacted and What Data May Be Involved
The breach may have compromised records for around 260,000 individuals. While details are still being verified, the following types of information may have been exposed:
- Names
- Contact details
- Dates of birth
- Medical records
- Insurance information
There is no confirmation that Social Security numbers were involved. Even without that, exposure of health and insurance records creates risks of medical identity theft. Patients across Florida, including those in Miami, Tampa, Jacksonville, Orlando, Tallahassee, Fort Lauderdale, Sarasota, and West Palm Beach, could be affected.
How to Check if You Were Affected
Patients should review any notices received by mail or email. If no direct notice has arrived, check the substitute notice on Vital Imaging’s website. Florida’s Information Protection Act (FIPA) requires timely communication when residents’ data is compromised.
Keep a record of all correspondence and, if in doubt, contact Vital Imaging directly. Under HIPAA, you have the right to know what data was involved and what measures are being taken in response to it.
Immediate Protection Steps for Patients
If your data may have been exposed, consider the following measures:
- Place fraud alerts or credit freezes with major credit bureaus.
- Update account passwords and enable two-factor authentication.
- Review health insurance claims and Explanation of Benefits (EOBs) for unfamiliar charges.
- Be alert for phishing messages using your medical or insurance details.
At Cory Watson Attorneys, we help patients impacted by healthcare data breaches. Our client-first approach ensures that you pay nothing unless we successfully recover compensation on your behalf.
HIPAA, OCR, and Florida Law in Plain Terms
Healthcare providers must follow HIPAA rules, which require them to notify both patients and the HHS within 60 days of discovering a breach. The six-month gap between discovery and reporting at Vital Imaging raises questions that the OCR investigation will address.
Florida’s Information Protection Act (FIPA) also requires that state residents be promptly informed if their personal information is compromised. These laws are intended to safeguard patient privacy and ensure accountability.
For patients, this means you have enforceable rights to timely notice and accurate information in the event of a breach.
Potential Legal Claims and Compensation
Patients may pursue legal claims if a provider failed to protect their data. Possible compensation can include:
- Costs for credit monitoring and fraud prevention
- Time and money spent resolving fraudulent accounts
- Compensation for stress and loss of privacy
Evidence such as breach letters, financial records, and proof of fraudulent activity can strengthen a claim. Cory Watson has decades of experience handling large-scale privacy and consumer protection cases and is prepared to hold healthcare providers accountable for their actions.
Frequently Asked Questions
Was Social Security information exposed?
There is no confirmation; the investigation is ongoing.
How many patients were affected?
About 260,000 patients were affected.
What data was involved?
Names, contact details, dates of birth, and certain medical and insurance information.
Which Florida cities are included?
Miami, Tampa, Jacksonville, Orlando, Tallahassee, Fort Lauderdale, Sarasota, and West Palm Beach.
What does OCR’s investigation mean?
It means that regulators are reviewing whether HIPAA rules were followed and whether penalties may be imposed.
How do I know if I was impacted?
Check your mail, email, and Vital Imaging’s substitute notice for confirmation.
Do I need to live in Florida now to be affected by this?
No. Former patients may still be impacted regardless of their current residence.
Will joining a lawsuit cost me money up front?
No. Our firm works on a contingency basis; you pay nothing unless we recover compensation.
Next Steps
If you believe your information was compromised in the Vital Imaging data breach, take action quickly. Secure your accounts, monitor your credit, and consider legal guidance if you have experienced financial or emotional harm.
Our attorneys at Cory Watson offer free, confidential consultations to review your case and explain your rights.
Contact us today to request a free case evaluation. We are committed to helping patients protect their information and holding negligent providers accountable.
About Cory Watson Attorneys
Cory Watson Attorneys is a nationally recognized law firm with offices in Birmingham, Nashville, and Memphis. For more than 40 years, we have represented clients in complex litigation involving data breaches, consumer protection, and mass torts.
With over $4 billion recovered, our attorneys have held leadership roles in numerous national cases. We are dedicated to protecting patients’ rights and ensuring that victims of healthcare data breaches obtain justice.