
1.2 Million SimonMed Patients Hit by Data Breach

Summary

– SimonMed Imaging is notifying over 1.2 million individuals of a data breach that exposed their sensitive information due to unauthorized access between January 21 and February 5.
– The breach was discovered on January 27 after a vendor alerted the company to a security incident, and an investigation confirmed suspicious network activity the next day.
– Hackers from the Medusa ransomware group claimed responsibility, stating they stole 212 GB of data including ID scans, patient details, payment information, and medical reports.
– SimonMed has taken security measures such as resetting passwords and adding monitoring, and there is no evidence of data misuse for fraud or identity theft as of October 10.
– Medusa ransomware, which has impacted over 300 U.S. critical infrastructure organizations, demanded a $1 million ransom and is no longer listing SimonMed on its leak site, suggesting a possible payment.

A significant data security incident has impacted over 1.2 million patients of SimonMed Imaging, a major outpatient medical imaging provider in the United States. The breach exposed sensitive personal information following unauthorized network access by cybercriminals earlier this year. SimonMed operates approximately 170 facilities across eleven states, offering a comprehensive range of diagnostic services including MRI, CT scans, X-rays, and mammography, with annual revenues surpassing half a billion dollars.

Investigations revealed that hackers infiltrated the company’s systems, maintaining access for a three-week period between January 21 and February 5. SimonMed first became aware of the intrusion on January 27 after receiving an alert from one of its vendors concerning a security incident. The following day, internal probes confirmed suspicious activity within their network. In response, the organization states it immediately launched a containment effort, which involved resetting all passwords, implementing multifactor authentication, and enhancing endpoint detection and response monitoring. Additional security measures included removing third-party vendor system access and restricting network traffic to trusted connections only.

The company collaborated with law enforcement and data security specialists to manage the fallout. While SimonMed has not released a complete inventory of the compromised data, it acknowledged that full names were among the exposed details. Given the nature of medical imaging records, it is probable that highly confidential health and financial information was also accessed. Importantly, as of October 10, the company has found no evidence indicating that the stolen data has been used for fraudulent activities or identity theft. All affected individuals are being offered complimentary identity theft protection services through Experian.

The Medusa ransomware group publicly claimed responsibility for the attack on February 7, listing SimonMed on its extortion site. The hackers alleged they had exfiltrated 212 gigabytes of data, later leaking samples that included identification documents, patient details, payment records, medical reports, and diagnostic images. At the time, the group demanded a $1 million ransom, with an additional $10,000 required for each day’s delay before full public release of the files.

SimonMed Imaging no longer appears on Medusa’s data leak website, a common indication that a ransom negotiation may have occurred. The Medusa ransomware-as-a-service operation, which emerged in 2023, has been linked to numerous high-profile attacks, including incidents involving Minneapolis Public Schools and Toyota Financial Services. A recent advisory issued by the FBI, CISA, and MS-ISAC highlighted Medusa’s extensive reach, noting the group has compromised more than 300 critical infrastructure organizations across the nation.

(Source: Bleeping Computer)
