In early 2025, Mount Baker Imaging and Northwest Radiologists, two prominent medical imaging providers in Bellingham, Washington, experienced a significant data breach that has impacted the personal and medical information of over 348,000 Washington residents. This breach, which occurred between January 20 and January 25, was only publicly acknowledged in March 2025, and notifications to affected individuals were sent out months later in July.
If you or a loved one received medical services from Mount Baker Imaging or Northwest Radiologists, your sensitive data may have been compromised. Emery | Reddy, PLLC is here to help you understand your rights and explore your legal options.
What Happened?
The breach was initially described as a network disruption, but forensic investigations later confirmed unauthorized access to internal systems and data exfiltration. While the providers have not disclosed whether this was a ransomware attack or another form of cybercrime, the absence of a public claim by any extortion group leaves many questions unanswered.
- The compromised data includes:
- Full names
- Addresses and phone numbers
- Dates of birth
- Email addresses
- Social Security numbers
- Driver’s license or state ID numbers
- Medical diagnoses and treatment information
- Provider names
- Medical record and patient ID numbers
- Health insurance details
- Treatment cost information
This level of exposure puts individuals at risk for identity theft, medical fraud, and other forms of exploitation.
How Did the Providers Respond?
Mount Baker Imaging and Northwest Radiologists have stated that, as of their last update, there is no evidence of misuse of the stolen data. However, they have offered complimentary credit monitoring and identity theft protection services to affected individuals as a precaution.
They also engaged outside forensic specialists and reportedly worked with the FBI to investigate the breach. Despite these efforts, the delay in notifying patients and the lack of transparency about the nature of the attack have raised concerns among cybersecurity experts and legal professionals.
Legal Implications and Your Rights
Under HIPAA and Washington State law, healthcare providers are required to safeguard patient data and notify individuals promptly when breaches occur. The delay in notification and the scale of the breach may constitute violations of data protection laws, opening the door for legal action.
If you were affected, you may be eligible to pursue your own legal claim.
Contact Emery | Reddy Today
At Emery | Reddy, we protect Washington workers and consumers from corporate negligence and privacy violations. If your data was compromised in the Mount Baker Imaging data breach, we can help you understand your legal rights.
Our team is committed to holding healthcare providers accountable and ensuring that your privacy is respected. Call us today.
