National Cyber Warfare Foundation (NCWF)

SimonMed Imaging discloses a data breach impacting over 1.2 million people


2025-10-13 14:16:49
milo
Blue Team (CND)


Medusa ransomware hit SimonMed Imaging, stealing 200 GB of data and impacting over 1.2 million people in a major healthcare data breach.





SimonMed Imaging suffered a ransomware attack by the Medusa group, which claimed to have stolen 200 GB of data.





SimonMed Imaging is one of the largest outpatient medical imaging providers in the U.S., offering services such as MRI, CT, X-ray, ultrasound, and mammography across multiple states, focusing on advanced diagnostic imaging and patient-centered care.





According to the data breach notification shared with the Maine Attorney General, the security breach affected over 1.2 million individuals, exposing sensitive information and highlighting the growing threat of large-scale cyberattacks on healthcare organizations.





The healthcare firm discovered suspicious network activity on January 28, 2025, after a vendor’s breach alert. The company promptly launched an investigation into the incident that revealed unauthorized access from January 21 to February 5. The firm notified law enforcement and swiftly contained the attack by resetting passwords, strengthening MFA, adding endpoint monitoring, cutting vendor access, and restricting traffic.





The company is not aware of any misuse of personal data.





“Through our investigation, we determined that there was unauthorized access to our systems between January 21, 2025 and February 5, 2025. Due to the nature of the Incident, the investigation is still ongoing into what data pertaining to individuals was affected (“Information”).” reads the notice of data incident published by the company on its website. “There is currently no evidence that any Information has been misused for identity theft or fraud in connection with the Incident, but we are taking the steps below out of an abundance of caution.”





Exposed data includes name, address, birth date, date of service, provider name, medical record number, patient number, medical condition, diagnosis and/or treatment information, medical information, medical imaging, medications, health insurance information, driver’s license numbers, government-issued ID, social security number and/or tax ID, financial account number, authentication credentials, or biometric identifiers. 





When attackers gain access to sensitive patient data such as names, addresses, birth dates, medical records, diagnoses, insurance details, and identification numbers, the consequences can be severe. Patients face the risk of identity theft, as criminals can use personal and financial information to open fraudulent accounts, file false tax returns, or commit insurance fraud. Access to medical and insurance data also enables medical identity theft, allowing attackers to obtain healthcare services or prescriptions under the victim’s name, which can alter medical records and compromise future treatment. The exposure of diagnostic details, medications, and imaging results represents a serious violation of privacy, potentially leading to discrimination, stigma, or emotional distress. Furthermore, leaked authentication credentials or biometric identifiers could allow continued unauthorized access to patient portals and healthcare systems, making the breach’s impact long-lasting. Overall, such a data breach endangers not only financial stability but also personal safety, trust in healthcare institutions, and the integrity of patients’ medical histories.





Impacted individuals should stay alert for identity theft and fraud and review their account statements and benefits forms. The company offers free annual credit reports from the three major U.S. credit bureaus to detect suspicious activity or errors.





SimonMed Imaging did not provide technical details about the attack; however, the Medusa ransomware group claimed responsibility for the data breach. The ransomware group added the company to its Tor data leak site and demanded a ransom of $1 million.










Pierluigi Paganini





(SecurityAffairs – hacking, data breach)







Source: SecurityAffairs
Source Link: https://securityaffairs.com/183342/uncategorized/simonmed-imaging-discloses-a-data-breach-impacting-over-1-2-million-people.html

