Medusa Ransomware Attack Exposes Data of Over 1.2 Million SimonMed Imaging Patients

Arizona-based SimonMed Imaging announced that a data security incident it experienced earlier this year had compromised the sensitive personal information of more than 1.2 individuals.

 

Headquartered in Scottsdale, Arizona, SimonMed Imaging is a physician-owned outpatient medical imaging provider that offers a wide range of diagnostic services. It operates over 170 accredited facilities across 10 states and is staffed by more than 200 subspecialty-trained radiologists.

 

In a data security incident notice filed with the Office of Maine Attorney General, SimonMed said that it was notified by a third-party vendor on January 27 regarding a potential data security incident. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected platform and notified relevant law enforcement authorities about the same.

 

“Through our investigation, we determined that there was unauthorised access to our systems between January 21, 2025 and February 5, 2025. During this period, we identified that files containing your Information were obtained by an unauthorised party,” SimonMed said.

 

The compromised data included names and other personal identifiers. The filing with the Maine state regulator’s office also states that SimonMed has identified at least 1,275,669 individuals affected by the incident.

 

“Upon discovering we were the victim of a criminal attack, we immediately began an investigation and took steps to contain the situation, including resetting passwords, enhancing multi-factor authentication, implementing endpoint detection and response monitoring, removing all third-party vendor direct access to systems within SimonMed’s environment and all associated tools, limiting only whitelisted traffic into and from our network, notifying law enforcement, and engaging data security and privacy professionals to assist,” SimonMed added.

 

While the healthcare service provider found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

 

 

The Medusa ransomware group has claimed responsibility for a cyberattack on SimonMed Imaging, listing the company as a victim on its data leak site. According to the group, it exfiltrated 212 GB of confidential data from the medical imaging provider and threatened to release the information unless a ransom of $1 million was paid.