Hackers leak medical reports after huge breach impacts 1.2 million patient records

News
By published

SimonMed Imaging suffered at the hands of Medusa

  • SimonMed Imaging lost sensitive data on 1.2 million people in a ransomware attack
  • Medusa claimed responsibility, demanding $1 million to delete 212GB of stolen patient data
  • Victims are offered free identity theft and credit monitoring

SimonMed Imaging, a large US outpatient medical imaging and radiology provider, has suffered a cyberattack which saw it lose sensitive data on more than a million people.

The company has filed a report with the Office of the Maine Attorney General, in which it also shared a sample of the data breach notification letter it’s been sending out to affected customers. In it, it said that in late January 2025, one of its vendors notified it of an ongoing security incident.

The following day, SimonMed discovered “suspicious activity” on its own network, and tried to thwart the attack by resetting password, setting up two-factor authentication (2FA), implementing endpoint detection and response monitoring, and removing all third-party vendor direct access to its systems.

Concrete action

But, by the time this was done, it was already too late. Between January 21 and February 5 2025, cybercriminals exfiltrated sensitive data on 1.2 million people, SimonMed said. It only said the criminals stole people’s names and other “data elements”.

At the same time, ransomware operators Medusa claimed responsibility for the attack, stated they nabbed 212GB of various data, including ID scans, spreadsheets with patient details, payment details, account balances, medical reports, and even raw scans.

The attackers also demanded $1 million to delete the data, and $10,000 to extend the deadline for publishing by one day.

Now, the company has been pulled from the data leak site, which would suggest that SimonMed Imaging paid the ransom demand. This has not yet been confirmed (nor denied), and it doesn’t necessarily mean the organization paid the whole sum.

Relevant authorities were notified of the incident, and third-party cybersecurity experts were brought in to assess the damage and help with the post-mortem. At the same time, the victims are being offered free identity theft and credit monitoring services through Experian.

Via BleepingComputer

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.