Over a million patients are caught up in a significant data breach linked to SimonMed Imaging, a leading provider in outpatient radiology and medical imaging. The breach was discovered following a cyberattack that compromised sensitive patient information, with indications that a ransomware group may have been responsible. The sheer volume of data stolen and its potential use for identity or financial fraud are particularly alarming.
What transpired at SimonMed Imaging?
In January 2025, a vendor tipped off SimonMed Imaging about a possible security issue. The following day, the company observed unusual network activity. Their response involved resetting passwords, implementing two-factor authentication, and bolstering endpoint security while severing access for third-party vendors. Unfortunately, it turned out the attackers had already infiltrated their systems. Between January 21 and February 5, 2025, the cybercriminals accessed sensitive information from around 1.2 million individuals. The Medusa ransomware group later took credit for the breach, claiming to have stolen over 200 GB of data that included patient IDs, financial details, and medical scans.
The hackers allegedly sought a ransom of $1 million for deleting the stolen files or, alternatively, demanded $10,000 daily to postpone their publication. It appears that SimonMed has been removed from the Medusa leak site, suggesting a possible ransom payment, though the company hasn’t confirmed this. In response, SimonMed has enlisted cybersecurity specialists to investigate and has also offered free credit monitoring to those affected.
Data exposed in the SimonMed breach
While SimonMed described the leaked information as including names and other data elements in its official announcements, the attackers’ claims suggest a broader breach. They assert that the stolen data covers identification documents, payment info, medical reports, account balances, and image scans. Such information is extremely valuable on dark web marketplaces; identity details and medical records are often sold to fraudsters for various illicit activities. Dealing with a healthcare data breach is particularly tough because you can’t just reset medical records or government IDs like you would with a password.
Efforts to contact SimonMed for a comment did not yield a response by the deadline.
Steps to enhance your protection
Even though SimonMed is providing free credit monitoring, leaked data often remains usable long after the breach becomes public knowledge. Therefore, it’s crucial for customers to take proactive steps to minimize the long-lasting effects of this breach and bolster their personal security.
1) Use a data deletion service
People search sites harbor personal records and make them public. Data deletion services can help manage outreach and removal of this information on your behalf, helping to shrink your online footprint. The less info available, the harder it is for attackers to craft a complete identity profile. While no service can offer a 100% guarantee of complete data removal, it’s still a smart option for managing your online presence.
2) Change your password and use a password manager
If you’ve interacted with SimonMed or related platforms, it’s advisable to change your password right away. Avoid reusing old passwords across different accounts. A password manager can generate and securely save strong passwords, lessening the risk of a single breach impacting multiple accounts.
3) Enable two-factor authentication
Activating two-factor authentication is a simple but effective way to add an extra layer of security. Even if someone acquires your password, they’ll be unable to log in without the validation code sent to your device.
4) Install a strong antivirus program
With the evolving malware landscape, having robust antivirus software is essential. Modern threats can include remote access tools that hide themselves and steal data. Good antivirus software will detect unusual activities, offer alerts about unauthorized access attempts, and safeguard against various cyber threats.
5) Monitor financial records and medical statements
Keep a close eye on your bank statements, insurance records, and medical bills. Cybercriminals often start testing stolen info with small transactions, so catching these early can save you from larger losses.
6) Consider an identity theft prevention plan
Given that healthcare breaches often compromise sensitive personal information, identity protection services might be useful. These services can alert you if your information surfaces on the dark web and provide resources for recovery in case of fraud.
7) Stay informed and alert
Post-breach, attackers may launch phishing campaigns mimicking legitimate communications from affected companies. Be cautious of unsolicited emails or texts claiming to be from SimonMed or related entities, especially if they ask for verification or payment. Staying aware and keeping software updated adds a substantial layer of security.
Key takeaways
The SimonMed Imaging breach underscores the increasing frequency and severity of cyberattacks on healthcare providers. Once data is compromised, it can easily circulate among criminal circles. Monitoring your identity and being proactive about data safety can mitigate potential risks before they manifest.





