SimonMed Cyberattack Exposes Patient Data, Faces Class Actions

In January 2025, the Arizona-based medical imaging practice SimonMed Imaging experienced a significant data breach that compromised vast amounts of patient information. The breach, attributed to the notorious Medusa ransomware gang, resulted in extensive investigations and triggered numerous legal actions against the company. The exposure of sensitive data has prompted discussions about the need for robust cybersecurity measures in the healthcare sector.

Discovery and Initial Response

Alert and Investigation

In late January 2025, SimonMed received an alert from one of its vendors about a potential security incident. Upon conducting a preliminary investigation, the company identified suspicious activity on its network, dating from January 27. This discovery led to the realization that SimonMed had fallen victim to a criminal cyberattack. Recognizing the severity of the situation, SimonMed quickly initiated a thorough investigation to determine the extent of the breach and to identify the perpetrators. The company confirmed that the Medusa ransomware gang was behind the attack, which had managed to infiltrate its network and steal sensitive patient information.

Containment Measures

Following the revelation of the cyberattack, SimonMed took immediate measures to contain the breach and prevent further unauthorized access to its network. The company reset all passwords across its systems, enhancing their security by implementing stronger multifactor authentication protocols. To bolster its defenses, SimonMed deployed endpoint detection and response monitoring, which allowed for continuous surveillance of its network and increased detection of any suspicious activities. Additionally, the company revoked access for third-party vendors and restricted network traffic to only whitelisted sources. These actions aimed to limit potential vulnerabilities and secure the network from further attacks.

Scope of Compromised Data

Potentially Stolen Information

The ongoing investigation revealed the potential compromise of highly sensitive patient information. The data at risk included names, addresses, birth dates, medical records, patient numbers, medical conditions, diagnosis and treatment details, medications, health insurance details, and driver’s license numbers. The possibility of such extensive information being compromised raised significant concerns about patient privacy and data security. SimonMed notified law enforcement and engaged data security and privacy experts to assist in mitigating the breach’s impact and to prevent future occurrences. Despite improved measures, the extent of the damage had already positioned many affected individuals at risk of identity theft and fraud.

Broader Scope in Lawsuits

Class action lawsuits filed against SimonMed have presented an even broader scope of compromised data. Claimants allege that the breach resulted in the exposure of Social Security numbers, payroll data, and images of driver’s licenses and passports, contradicting the initial breach notification provided by SimonMed. The lawsuits further assert that the Medusa ransomware gang leaked data on its dark website in early February, claiming possession of 212 gigabytes of files containing sensitive information of at least 132,000 individuals. Among the leaked data were photocopied IDs and a spreadsheet listing over 1 million mammograms, corresponding patient names, dates, and service locations.

Legal Actions and Allegations

Class Action Lawsuits

One notable class action lawsuit was filed on February 21 by SimonMed patient Rosemary Hamermaster. The suit alleges that the Medusa gang leaked massive amounts of data, including photocopied driver’s licenses and passports, on its dark website. The gang also threatened to publish the entire trove of stolen data if SimonMed did not meet the ransom demand by February 21. Additionally, the lawsuit claims that over 1 million mammograms, along with corresponding patient details, were included in the leaked data. The lawsuit seeks financial damages for the affected individuals and calls for an injunction mandating SimonMed to enhance its data security practices.

Claims of Negligence

The class action lawsuits filed against SimonMed accuse the company of negligence in protecting patients’ sensitive information, thereby increasing the risk of identity theft and fraud. Plaintiffs argue that SimonMed should have implemented stronger security measures to prevent such a breach and that the company’s failure to do so constitutes gross negligence. They seek financial compensation for the damages incurred due to the breach, as well as an injunction requiring SimonMed to adopt more stringent data security practices. While SimonMed has indicated that it is implementing additional technical safeguards to enhance existing protections, it has not disclosed the specifics of these measures or responded to inquiries about whether a ransom was paid to Medusa.

Broader Impact and Industry Trends

Other Affected Providers

The cyberattack on SimonMed is part of a growing trend of attacks on medical imaging providers, which often result in significant data breaches and disruptions to patient care. Similar incidents have been reported in recent years, highlighting a pattern of cybercriminals targeting healthcare institutions due to the sensitive nature of the data they manage. For instance, Pinehurst Radiology in North Carolina experienced a cyber incident in January that led to a temporary closure, and Consulting Radiologists Ltd. in Eden Prairie, Minnesota, faced a hacking breach in 2024 that affected nearly 512,000 individuals. These incidents underscore the pressing need for healthcare providers to bolster their cybersecurity infrastructure to mitigate the risk of attacks.

Largest Known Hack

One of the largest known hacks targeting a medical imaging provider occurred in 2022. The breach at Shields Health Care Group in Massachusetts affected over 2 million patients, highlighting the severe vulnerability of the healthcare sector to cyberattacks. Such breaches have far-reaching consequences, not only for the affected individuals but also for the compromised institutions, which may face legal actions, financial penalties, and reputational damage. The frequency and severity of these incidents reinforce the urgent need for enhanced cybersecurity measures within healthcare organizations to safeguard sensitive patient data and ensure the continued integrity of medical services.

Call for Robust Cybersecurity

Persistent Threats

The SimonMed breach serves as a stark reminder of the persistent threat posed by cybercriminals to healthcare providers. As medical imaging practices manage highly sensitive and personal patient data, they have become prime targets for ransomware gangs like Medusa. The breach underscores the critical need for healthcare institutions to adopt robust cybersecurity measures to protect patient information from unauthorized access and potential exploitation. Implementing comprehensive security protocols, regular vulnerability assessments, and continuous monitoring can help mitigate the risk of cyberattacks and enhance overall data protection.

Investment in Cybersecurity

In January 2025, SimonMed Imaging, a prominent medical imaging practice based in Arizona, suffered a major data breach. This alarming incident compromised extensive amounts of sensitive patient information. The breach was the work of the infamous Medusa ransomware gang. The attack led to thorough investigations and sparked numerous legal actions against the company. The exposure of patient data has raised significant concerns about cybersecurity in the healthcare sector, emphasizing the urgent need for stronger measures to protect sensitive information. This incident prompted a broader conversation among industry experts, policymakers, and the public about the vulnerabilities in healthcare systems and the importance of implementing robust cybersecurity protocols. Healthcare providers across the nation are reassessing their data protection strategies to ensure patient information is safeguarded against potential threats. The SimonMed Imaging breach serves as a stark reminder of the critical importance of cybersecurity vigilance in protecting patient privacy and maintaining trust in healthcare services.
