SimonMed Imaging, one of the largest outpatient medical imaging providers in the U.S., has become the latest victim of a large-scale cyberattack. The company, which specializes in advanced diagnostic imaging services like MRI, CT scans, and mammography, discovered suspicious network activity on January 28, 2025, after an alert from a vendor. A subsequent investigation revealed unauthorized access to its systems between January 21 and February 5. In response, the company swiftly implemented security measures, including resetting passwords, strengthening multi-factor authentication, and restricting vendor access to contain the attack and prevent further damage. The firm also notified law enforcement and published a notice about the incident on its website.
The Medusa ransomware group has claimed responsibility for the breach, adding SimonMed Imaging to its dark web data leak site. The group asserts that it stole 200 GB of data and demanded a $1 million ransom. According to a data breach notification filed with the Maine Attorney General, the attack compromised the sensitive information of over 1.2 million individuals. The exposed data includes a wide range of personal and medical information, such as names, addresses, dates of birth, medical record numbers, diagnoses, treatment information, and health insurance details. The breach also exposed highly sensitive data like driver’s license numbers, Social Security numbers, financial account numbers, and biometric identifiers.
Although the company is not currently aware of any misuse of the stolen data, the exposure of such a vast amount of sensitive information carries severe risks for those affected. Patients now face the potential for identity theft, as criminals could use their personal and financial information to open fraudulent accounts, file false tax returns, or commit insurance fraud. Furthermore, access to medical and insurance data enables medical identity theft, which could alter a victim’s medical records and compromise future care. The breach represents a serious violation of privacy, potentially leading to emotional distress and a long-lasting impact on patients’ trust in healthcare institutions.
In its official notice, SimonMed Imaging stated that its investigation is ongoing to determine exactly what information was affected, but is taking steps out of an abundance of caution. The company is encouraging all impacted individuals to remain vigilant against potential identity theft and fraud by reviewing their account statements and benefit forms. As a protective measure, SimonMed Imaging is offering free annual credit reports from the three major U.S. credit bureaus to help affected individuals monitor their accounts for any suspicious activity.
While SimonMed Imaging did not provide specific technical details about how the attackers gained access to their systems, the incident highlights the escalating threat of ransomware attacks targeting the healthcare sector. The industry’s reliance on large databases of sensitive patient information makes it a prime target for cybercriminals. This breach serves as a stark reminder of the critical need for robust cybersecurity defenses and proactive measures to protect patient data from increasingly sophisticated and aggressive cyber threats.
Reference:
