Vision Upright MRI Data Breach

NOTICE: If you received a NOTICE OF DATA BREACH letter from Vision Upright MRI, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

On March 10, 2025, Vision Upright MRI (“Vision”) reported a significant cybersecurity incident to the U.S. Department of Health and Human Services Office for Civil Rights (“HHS”). Based on the available information, the incident is categorized as a “Hacking/IT Incident” that affected a network server, potentially compromising private and confidential information stored in its system. While this classification suggests unauthorized access to Vision’s IT network, it is also possible that the breach occurred at one of Vision’s vendors or partners, leading to the exposure of sensitive data. According to Vision’s report, approximately 23,031 individuals were impacted by the data breach.

As the announcement was made only recently, Vision has not yet disclosed additional details. Recently, Heart to Heart began sending data breach notification letters to those affected by the data breach. If you received a data breach notification letter from Vision, it indicates that you were affected by the data breach.

Founded in 2008 and located in San Jose, California, Vision Upright MRI specializes in multipositional, truly open MRI scanning services. Their technology allows patients to be scanned in various positions—standing, sitting, flexion, extension, rotation, and lateral bending—providing comprehensive diagnostic capabilities. Vision has been serving the community for over 15 years and employs a team of 30 professionals, generating an estimated annual revenue of $5 million.

WHAT INFORMATION IS INVOLVED IN THE VISION UPRIGHT MRI DATA BREACH?

At this time, Vision has not publicly disclosed the specific types of information compromised in the breach. We are actively monitoring for updates and will provide more detailed information as it becomes available. Data breaches of this nature often involve sensitive personal information such as names, dates of birth, Social Security numbers, addresses, medical information, health insurance information, and financial information.

This information is called your Personally Identifiable Information (“PII”). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII can be used by identity thieves to engage in fraudulent activity using your identity. 

Personal medical information (a specific type of PII) is referred to as Protected Health Information (“PHI”). It is protected under both state and federal law. Healthcare providers and other businesses that handle PHI are required to protect that information. Like stolen PII, stolen PHI can be used by identity thieves to engage in fraudulent activity using your identity. Quite often, PII and PHI are used in conjunction by hackers.

The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible. 
