Incident

SimonMed Imaging radiology practice hit by ransomware attack



SimonMed Imaging, a Scottsdale, Arizona-based radiology practice, was hit by a cybersecurity incident confirmed as a ransomware attack attempt. The company, which operates across 170 sites in 11 states, detected and responded to the attack last week.

The company temporarily took some systems offline, which resulted in operational slowdowns. It engaged cybersecurity experts from Palo Alto Networks' Unit 42 to secure its systems.

The Medusa ransomware group claimed responsibility for the attack. The hackers reportedly demanded $1 million in Bitcoin, with a deadline of February 21, 2025. According to claims the Medusa group made on the dark web, the exposed data potentially includes:

  • Social Security numbers
  • Medical records
  • Corporate emails
  • Diagnostic images
  • 318,000 lines of data
  • Total of 212 GB of data

The number of affected individuals is not disclosed.

The attackers posted 45 proof files online to demonstrate their access to the data. SimonMed's Marketing Officer stated that "no data was encrypted" as they "interrupted" the hackers. The carefully worded statement does not deny that data was stolen, only that it was encrypted.

Update: As of 31st of March 2025, SimonMed's investigation confirmed that unauthorized access to their systems occurred between January 21 and February 5, 2025. The exposed data includes:

  • Names
  • Addresses
  • Birth dates
  • Dates of service
  • Provider names
  • Medical record numbers
  • Patient numbers
  • Medical conditions
  • Diagnosis and/or treatment information
  • Medications
  • Health insurance information
  • Driver's license numbers

SimonMed has emphasized that their investigation is ongoing, and they have not yet determined the full list of specific affected individuals.

As of 13th of October 2025, SimonMed reports that the breach affected 1,275,669 individuals.
