
US medical imaging provider SimonMed Imaging is notifying more than 1.2 million individuals about a data breach that exposed their sensitive information.
SimonMed Imaging is an outpatient medical imaging and radiology service provider, including MRI and CT scans, X-ray, ultrasound, mammography, PET, nuclear medicine, bone density and interventional radiology procedures.
The radiology company operates approximately 170 medical centers in 11 U.S. states, and has annual revenues of more than $500 million.
Three weeks of unauthorized access
According to the notice shared with authorities, hackers compromised SimonMed’s systems and accessed the company network between January 21 and February 5 at the beginning of the year.
SimonMed learned of the breach on January 27 from one of its vendors, who warned that “they were experiencing a security incident.” After launching an investigation, the medical company confirmed suspicious activity on its network the next day.
“Upon learning that we were the victim of a criminal attack, we immediately launched an investigation and took steps to control the situation,” the company said.
The actions taken include resetting passwords, adding multifactor authentication, adding endpoint detection and response (EDR) monitoring, removing third-party vendors' direct access to systems within SimonMed’s environment and its related tools, and restricting inbound and outbound traffic to trusted connections.
The company also notified law enforcement and data security and privacy professionals.
SimonMed did not publicly share what information was stolen by the attackers other than the affected individuals' full names, but given the type of data stored by medical imaging firms on their systems, it may have included highly sensitive information.
Nevertheless, the company underlined that as of October 10, the day the notice was circulated, it had no evidence that the information obtained had been misused to commit fraud or identity theft.
Recipients of the letter are offered a free subscription to identity theft protection services through Experian.
Medusa claimed the attack
The Medusa ransomware gang listed SimonMed Imaging on its extortion portal on February 7, claiming it had stolen 212 GB of data.
The hackers also leaked some data as evidence of the attack, including ID scans, spreadsheets containing patient details, payment details and account balances, medical reports and raw scans.
At the time, the threat actors demanded a ransom payment of $1 million and $10,000 for a one-day extension before publishing all stolen files.

Currently, SimonMed Imaging is no longer listed on the data leak site of the Medusa ransomware. This usually suggests that the company negotiated a ransom and paid the hackers.
The Medusa ransomware-as-a-service (RaaS) operation launched in 2023 and gained notoriety with attacks such as the Minneapolis Public Schools (MPS) attack. The gang also targeted Toyota Financial Services.
A joint advisory from the FBI, CISA, and MS-ISAC from March 2025 warned about Medusa ransomware activity, stating that the threat group had affected more than 300 critical infrastructure organizations in the United States.


