Fog ransomware group claims a major data theft from radiology firm UDMI's systems

The Fog ransomware group said it hacked into the internal network of radiology practice University Diagnostic Medical Imaging and stole the personal information of more than 138,000 individuals.

 

Headquartered in Bronx, New York, University Diagnostic Medical Imaging is a radiology practice specialising in advanced diagnostic imaging services. It offers a comprehensive range of imaging modalities, including MRI, CT scans, ultrasound, and more.

 

In a data security incident notice published on its website, UDMI said that on November 26, it identified unusual activity in its internal network. The radiology practice immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“The investigation determined that certain UDMI information was accessed without authorisation for a limited amount of time on November 26, 2024. Therefore, UDMI initiated a comprehensive review to determine the information and individuals potentially impacted,” it said.

 

The compromised data included names, addresses, dates of birth, referring physician, medical treatment and diagnosis information. In a filing with the U.S. Department of Health and Human Services Office for Civil Rights, UDMI said it has identified at least 138,080 individuals who were impacted by the cyber security incident.

 

“In response to this incident, we worked with third-party specialists to investigate and implement additional security precautions. We also notified law enforcement, and we are reviewing our policies and procedures related to data protection,” the radiology practice added.

 

While UDMI found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

Recently, a relatively new ransomware group going by the name Fog ransomware claimed responsibility for the cyber attack on UDMI and listed it as a victim on its data leak site. The group claimed to be in possession of 28.1GB of sensitive patient data that includes customer contacts, healthcare documents and more.

 

 

According to cyber security company Darktrace, Fog ransomware first emerged in May 2024 and has primarily exploited compromised virtual private network credentials to access the networks of educational institutions in the United States.

 

Though researchers have not linked the group to a nation-state, they say the group uses sophisticated techniques to run covert operations, such as disabling Windows Defender and multiple processes and services and using Advanced Port Scanner, LOLBins, SharpShares and SoftPerfect Network Scanner to collect data from compromised systems.