SimonMed Reports Medusa Ransomware Incident Exposed Data of 1.2 Million Patients

SimonMed Imaging has reported a significant security breach resulting from a ransomware attack earlier this year, compromising sensitive personal data for approximately 1.28 million individuals. This incident ranks among the most substantial healthcare data breaches disclosed in 2025.

In a disclosure made to the Maine Attorney General’s Office, the company confirmed that the breach was linked to a Medusa ransomware attack initially claimed by the group in February.

Founded in 2003, SimonMed Imaging operates over 150 diagnostic imaging centers throughout the United States, employing more than 2,000 individuals. The company specializes in outpatient imaging services, including MRI, CT scans, ultrasound, and mammography, providing essential clinical diagnostic support to hospitals and physicians nationwide.

The breach transpired between January 21 and February 5, 2025. SimonMed identified unusual activity on January 28, one day following a security alert from a vendor. An internal investigation revealed that the attackers had gained unauthorized access to SimonMed’s systems, leading to the theft of a substantial volume of files containing protected personal information.

SimonMed delayed informing the affected individuals until October 10, citing the necessity of completing a thorough forensic investigation to ascertain the specific individuals impacted and the nature of the data accessed. While the disclosed data includes names and other identifiers, details regarding highly sensitive information, such as medical history or Social Security numbers, remain undisclosed. Although the company asserts there is currently no evidence of misuse, the extended period between the discovery of the breach and official notification raises concerns about potential identity theft and fraud risks.

The breach notification follows the Medusa ransomware group’s February announcement, which claimed responsibility for the attack and alleged the theft of over 200 GB of data. The group has even placed data samples on their dark web leak site, marked with a $1 million price tag—matching their ransom demand.

In response to the rise of such attacks, the FBI issued a cybersecurity advisory in March 2025, warning that Medusa ransomware has targeted over 300 critical infrastructure organizations, including sectors such as healthcare, education, legal services, technology, and manufacturing.

Earlier incidents linked to this ransomware-as-a-service include the Highlands Oncology Group breach from last August and a network compromise affecting the National Association for Stock Car Auto Racing (NASCAR), reported in July.


The SimonMed ransomware incident illustrates crucial vulnerabilities in healthcare data security. It could have involved initial access through phishing, followed by privilege escalation and data exfiltration, all techniques well documented in the MITRE ATT&CK Matrix. Business leaders must remain vigilant against such evolving threats as healthcare continues to be a prime target for cybercriminals.
