Medical Imaging Provider Says More than 1.2 Million Individuals Affected by Cyberattack

A nationwide medical imaging provider has recently started notifying more than 1.2 million individuals that some of their sensitive data was compromised in a January 2025 cyberattack. SimonMed Imaging operates more than 170 facilities in Arizona, California, Colorado, Florida, Illinois, Kentucky, Nevada, New York, Texas, and Wisconsin, and is one of the largest outpatient medical imaging services providers in the country, providing MRI, CT, X-ray, PET, mammogram, ultrasound, and bone density scans, along with nuclear medicine and interventional radiology procedures.

A cyberattack was detected by one of its vendors, which notified SimonMed Imaging about the security breach on January 27, 2025. Through that vendor, hackers accessed the SimonMed network between January 21 and February 5, 2025, and exfiltrated files containing patient information.  While not announced as such, this appears to have been a ransomware attack. The Medusa ransomware group claimed responsibility for the cyberattack and said 212 GB of data was exfiltrated from SimonMed’s network, including more than 1 million mammogram scans.  Samples of the stolen data were listed on the group’s data leak site, and the group threatened to publish the full data if the $1 million ransom was not paid. The data is not currently listed on the Medusa data leak site, which suggests a ransom was paid, although that has not been confirmed by SimonMed Imaging.

SimonMed Imaging publicly disclosed the data breach in March and notified the HHS’ Office for Civil Rights using a placeholder figure of at least 500 affected individuals. The file review has recently been completed, and the Maine Attorney General was recently informed that 1,275,669 individuals were affected, including 22 Maine residents. The compromised data included full names, addresses, birth dates, dates of service, provider names, medical record numbers, patient numbers, medical condition information, diagnosis/ treatment information, medications, health insurance information, and driver’s license numbers.  The affected individuals have been offered complimentary credit monitoring and identity theft protection services.

The news follows a data breach announcement by another medical imaging provider. Last month, Doctors Imaging Group in Florida announced a November 2024 cyberattack that involved unauthorized access to the protected health information of 172,000 patients.  Hackers had access to its network between November 5, 2024, and November 11, 2024, and obtained sensitive data such as names, addresses, dates of birth, admission dates, financial account types and numbers, patient account numbers, medical record numbers, health insurance information, medical treatment information, medical claim information, and Social Security numbers.

About Liam Johnson

Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/