American Registry of Radiologic Technologists notifies members of data incident
The American Registry of Radiologic Technologists today shared news of a data collection incident from an unauthorized source, according to a notification sent out to its members.
The notice email update indicated that a source outside of the ARRT was trying to access data through the “verify credentials” database on its website. Immediate attention was called to the activity and steps were taken to ensure the security of members’ confidential data.
“ARRT investigated this activity immediately, determined it was from an unknown and unauthorized source, took steps to block the access, and confirmed our data and information technology security measures were functioning as intended,” the email said.
An internal review was conducted to determine whether sensitive, nonpublic personal data, like social security numbers, had been leaked. Although the investigation did not uncover any evidence that unauthorized access to private information had been achieved, ARRT went one step further by hiring an outside organization that specializes in digital security reviews. That assessment again reassured the organization that no privileged information had been compromised.
“As a result of reviewing this incident, we learned this unauthorized entity accessed public data about R.T.s, including those who’d opted out of ARRT’s online directory,” the notification reads. “We have notified those individuals.”
For the sake of transparency and out of an abundance of caution, the ARRT notified all registered technologists of the incident. The organization maintains that it has since made further improvements to security features. However, ARRT members must keep in mind that employers must verify their credentials with certain sensitive information provided on job applications.
“The Request Verification tool requires the searcher to have two of the three following pieces of information: Social Security number, date of birth, and/or ARRT ID,” the update said. “R.T.s must provide that verification information to the employer or prospective employer. That information is not available from ARRT.”
The ARRT has set up a call center dedicated to issues pertaining specifically to the data incident. For additional questions or concerns, phone 833-749-1651 or visit arrt.org.