Cyber Web Spider Blog – News

SimonMed Data Breach Exposes 1.2 Million Patients' Sensitive Information

Posted on October 14, 2025 By CWS

SimonMed Imaging, a leading U.S. provider of outpatient medical imaging services, has disclosed a serious cybersecurity incident that compromised the personal and health data of approximately 1.2 million patients.

The breach, which occurred earlier this year, was linked to a ransomware attack claimed by the notorious Medusa group, highlighting ongoing vulnerabilities in the healthcare sector.

Notifications to affected individuals began on October 10, 2025, following a lengthy investigation to assess the full scope of the damage.

The incident unfolded in late January 2025, when SimonMed received an alert on January 27 from one of its third-party vendors about a potential security compromise.

The company promptly initiated a system review and detected suspicious network activity the following day, confirming that unauthorized access had begun on January 21 and lasted until February 5.

SimonMed Data Breach

Forensic experts determined that cybercriminals had infiltrated the network, exfiltrating files containing sensitive patient information over this two-week period.

SimonMed, which operates more than 170 imaging centers across 11 states and generates over $500 million in annual revenue, specializes in services like MRI, CT scans, ultrasounds, and mammograms.

The attackers, identified as the Medusa ransomware operation, stole around 212 gigabytes of data and demanded a $1 million ransom, posting samples on their dark web leak site to pressure the company.

While SimonMed has not confirmed paying the ransom or details on the initial access point, possibly through the vendor, the breach underscores the risks of supply chain attacks in healthcare.

In response, SimonMed acted swiftly to contain the threat by resetting passwords, strengthening multifactor authentication, deploying endpoint detection and response tools, severing direct vendor access to internal systems, and restricting network traffic to whitelisted sources only.

The company also engaged law enforcement and privacy specialists, reporting the matter to relevant authorities, including the U.S. Department of Health and Human Services' Office for Civil Rights.

The exposed information varied among individuals but included highly sensitive details such as full names, addresses, dates of birth, service dates, provider names, medical records and patient numbers, diagnoses, treatment histories, prescribed medications, health insurance details, and even driver's license numbers.

This breadth of data makes victims prime targets for identity theft, medical fraud, and phishing schemes, as health records fetch high prices on underground markets.

To date, SimonMed reports no confirmed instances of data misuse for fraud or identity theft stemming from the breach, but the delay in notifications, nearly nine months after detection, has drawn criticism from cybersecurity experts and patient advocates.

The company initially filed a preliminary report to regulators, estimating 500 affected individuals as a placeholder, with the true figure of 1,275,669 emerging only after exhaustive file reviews.

| Data Type | Description | Potential Risk |
|---|---|---|
| Personal Identifiers | Names, addresses, DOB, driver's licenses | Identity theft, stalking |
| Medical Records | Diagnoses, treatments, medications | Medical fraud, blackmail |
| Insurance & Financial | Health insurance information, patient numbers | Billing scams, unauthorized claims |

This table summarizes the key categories of compromised data, illustrating the multifaceted threats posed to patients' privacy and security.

Protective Measures

The breach has already sparked at least one class-action lawsuit against SimonMed, alleging negligence in safeguarding patient data and insufficient transparency during the response.

Law firms are investigating claims on behalf of affected customers, potentially leading to broader litigation as more details emerge.

To mitigate risks, SimonMed is providing complimentary 24-month memberships to Experian IdentityWorks, offering fraud detection, credit monitoring, and identity restoration services.

Patients are urged to enroll promptly using unique activation codes included in notification letters and to remain vigilant by reviewing credit reports annually via AnnualCreditReport.com and placing fraud alerts with major bureaus like Equifax, Experian, and TransUnion.

Experts emphasize that such incidents reflect a surge in ransomware targeting healthcare, with Medusa alone claiming over 300 victims across critical sectors this year, as warned in a March 2025 FBI advisory.

SimonMed's ongoing security enhancements, including advanced monitoring and vendor audits, aim to prevent recurrences, but the event serves as a stark reminder for the industry to prioritize robust defenses against evolving cyber threats.
