U.S. medical imaging supplier SimonMed Imaging is notifying greater than 1.2 million people of a data breach that uncovered their delicate data.
SimonMed Imaging is an outpatient medical imaging and radiology companies supplier, together with MRI and CT scans, X-ray, ultrasound, mammography, PET, nuclear medication, bone density, and interventional radiology procedures.
The radiology firm operates about 170 medical facilities 11 U.S. states, and has an annual income of greater than $500 million.
Three weeks of unauthorized entry
In response to the discover shared with the authorities, hackers compromised SimonMed’s techniques and had entry to the corporate community in the beginning of the yr between January 21 and February 5.
SimonMed discovered concerning the breach on January 27, from one in every of its distributors, who alerted “that they have been experiencing a security incident.” After beginning an investigation, the medical firm confirmed the subsequent day suspicious exercise on its community.
“Upon discovering we have been the sufferer of a felony assault, we instantly started an investigation and took steps to include the state of affairs,”, the corporate states.
The motion taken included resetting passwords, multifactor authentication, including endpoint detection and response (EDR) monitoring, eradicating third-party distributors’ direct entry to techniques inside SimonMed’s setting and its related instruments, and restricted inbound and outbound site visitors to trusted connections
The corporate additionally notified legislation enforcement and the companies of information security and privateness professionals.
SimonMed didn’t publicly share precisely what data was stolen by the attackers in addition to their full names, however contemplating the sorts of knowledge medical imaging corporations retailer on their techniques, it could embody extremely delicate data.
Nonetheless, the corporate underlined that it has no proof that the accessed data has been misused to conduct fraud or identification theft as of October 10, the day the discover was circulated.
Letter recipients are supplied a free-of-charge subscription to identification theft companies by Experian.
Medusa claimed the assault
Medusa ransomware introduced SimonMed Imaging on its extortion portal on February 7 claiming that it had stolen 212 GB of information.
The hackers additionally leaked some knowledge, as proof of the assault, consisting of ID scans, spreadsheets with affected person particulars, cost particulars, and account balances, medical studies, and uncooked scans.
On the time, the menace actors demanded a ransom cost of $1million and $10,000 for one-day extension earlier than publishing all of the stolen information.
Supply: KELA
Presently, SimonMed Imaging is now not listed on Medusa ransomware’s knowledge leak web site. This sometimes means that the corporate negotiated a ransom and paid the hackers.
The Medusa ransomware-as-a-service (RaaS) operation launched in 2023 and gained its infamy with assaults such because the one on the Minneapolis Public Faculties (MPS). The gang additionally focused Toyota Monetary Companies.
A joint advisory by the FBI, CISA, and MS-ISAC from March 2025 warned about Medusa ransomware exercise, noting that the menace group had impacted over 300 crucial infrastructure organizations in america.
Be part of the Breach and Attack Simulation Summit and expertise the way forward for security validation. Hear from high specialists and see how AI-powered BAS is reworking breach and assault simulation.
Do not miss the occasion that can form the way forward for your security technique
