A massive data breach at SimonMed Imaging, one of the largest outpatient radiology providers in the U.S., exposed the personal, medical, and financial data of 1.2 million patients. The Medusa ransomware group claimed responsibility, alleging theft of over 200 GB of sensitive information, including patient IDs, medical scans, reports, and payment details.
The breach occurred between January 21 and February 5, 2025, after hackers gained access through a vendor system. SimonMed took immediate security measures—resetting passwords, enabling two-factor authentication, and restricting third-party access—but the attackers had already exfiltrated data. The group reportedly demanded $1 million to delete the stolen files. SimonMed was later removed from the Medusa leak site, suggesting a possible ransom payment, though the company has not confirmed this.
In response, SimonMed hired cybersecurity experts, tightened defenses, and offered free credit monitoring to affected individuals. Experts warn that such medical breaches are particularly damaging, as medical histories and identity documents cannot be easily replaced.
The report also advised consumers to take additional precautions:
Use data removal services.
Change passwords and use a password manager.
Enable two-factor authentication.
Install strong antivirus software.
Monitor financial and medical statements.
Consider identity theft protection plans.
Stay alert for phishing scams related to the breach.
Overall, the SimonMed breach highlights the growing threat of ransomware attacks in the healthcare sector and the long-term risks of exposed medical and identity data.