SimonMed discloses 1.27M-record healthcare data breach

Radiology practice SimonMed disclosed a large healthcare data breach that was claimed by the Medusa ransomware group.

SimonMed Imaging, an Arizona-based radiology practice, reported a January 2025 healthcare data breach stemming from a cyberattack that impacted 1.27 million individuals. The Medusa ransomware group claimed responsibility for the hack.

SimonMed provides radiology services across approximately 170 medical centers in 11 states.

According to a breach notice provided to the Maine attorney general's office, on Jan. 27, 2025, SimonMed was notified that one of its vendors was experiencing a security incident. Upon reviewing its systems, SimonMed discovered suspicious activity on its network and determined that it had fallen victim to a criminal cyberattack.

The practice said it immediately began resetting passwords, implementing endpoint detection and response monitoring, removing third-party vendor direct access to systems, improving multifactor authentication and notifying law enforcement.

Further investigation revealed that unauthorized activity had occurred between Jan. 21, 2025, and Feb. 5, 2025. During that time, files containing sensitive information were accessed by an unauthorized party.

"After determining unauthorized activity occurred on our systems, we immediately began analyzing the information involved to confirm the identities of potentially affected individuals and notify them," the notice stated.

"We worked closely with data security and privacy professionals to aid in our response and reported this Incident to relevant government agencies."

Though not mentioned in the breach notification sent to the state of Maine, the Medusa ransomware group claimed responsibility for the attack in February, allegedly stealing the data of SimonMed patients.

Medusa, which was first identified in 2021, was the subject of a March 2025 joint alert authored by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The Medusa variant has no connection to MedusaLocker, another known ransomware variant.

Medusa has claimed responsibility for more than 300 cyberattacks against critical infrastructure organizations, including those in the healthcare, education, insurance, technology and manufacturing sectors.

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.