A data breach affecting American medical imaging provider SimonMed Imaging has leaked the personal information of 1.2 million people. SimonMed learned of the data breach on January 7 after a third-party vendor reported malicious activity on its network.
The imaging provider responded by launching an investigation, which determined that the threat actor had breached its systems between January 21 and February 5 and accessed certain files containing personal information.
“Through our investigation, we determined that there was unauthorized access to our systems between January 21, 2025 and February 5, 2025.”
SimonMed data breach leaked extensive patient information
According to a data breach notification filed with the Office of the Maine Attorney General, the imaging giant says the threat actor stole the personal and medical information of 1,275,669 people.
While the details leaked varied by individual, they included personally identifiable information such as the victims’ names, addresses, and dates of birth.
Where available, the data breach also leaked patient information such as the date of service, the name of the provider, patient’s medical record number, patient number, medical condition, diagnosis and/or treatment, medical information, medical imaging, medications, and health insurance information.
It also leaked financial information, such as financial account numbers, and government-issued IDs, such as driver’s license numbers, Social Security numbers, and/or tax IDs. The victims’ authentication credentials and biometric identifiers were also leaked during the data breach.
In response, the company said it took additional steps to limit the threat actors’ activity by resetting passwords and enabling multifactor authentication.
However, the company says it had no evidence that the information had been misused for fraud by the time of notification.
“There is currently no evidence that any Information has been misused for identity theft or fraud in connection with the Incident,” the company said.
Meanwhile, SimonMed says that, in response to the data breach, it has taken additional steps to enhance the security of its network: deploying endpoint detection and response (EDR) monitoring, limiting the breached third party’s direct access to its environment, and restricting inbound and outbound traffic through whitelisting.
The Arizona-based imaging giant also notified relevant authorities and law enforcement and engaged external data security experts to assist in responding to the data breach.
It also advised the victims to remain vigilant for potential fraud by monitoring their credit reports using free monitoring services, reviewing their financial statements, and reporting any suspicious activity.
They can also place security freezes to prevent credit bureaus from releasing their credit reports without notification, which prevents fraudsters from opening loan accounts using the stolen personal information.
“This attack on SimonMed Imaging becomes the second-largest data breach on a healthcare company this year (via ransomware),” said Rebecca Moody, Head of Data Research at Comparitech. “Overall, we’ve noted 96 attacks on healthcare providers (worldwide) this year, with over 8.7 million records breached across these attacks. The average ransom across these attacks has been $660,000, putting Medusa’s demand of $1 million from SimonMed well above average.”
“The attack also highlights our recent findings that healthcare providers are facing an increased threat of attacks via the third parties they use to carry out certain services,” added Moody. “In the case of SimonMed Imaging, it appears that this attack was successful due to a breach of one of its vendors. With such highly sensitive data on offer, healthcare organizations remain a key target for hackers and even those with the most robust of cybersecurity practices can still find themselves at the center of devastating breaches due to attacks via the third parties they use.”
Medusa ransomware gang claims SimonMed data breach
Meanwhile, the Medusa ransomware gang claimed responsibility for the SimonMed data breach by listing the company on its data leak site on February 10.
The cyber extortion gang claimed to have stolen over 200 GB of data that included scanned ID documents, patient details in spreadsheets, account balances, payment details, medical reports, and health scans, including 1 million mammograms.
The attacker threatened to leak the stolen data online and demanded $1 million in ransom with a daily extension fee of $10,000. However, SimonMed later disappeared from Medusa’s data leak site, suggesting that it had paid a ransom to prevent sensitive patient information from leaking online.
Nevertheless, the data breach is the subject of numerous potential class action lawsuits alleging that the company failed to protect sensitive patient information.

