University Diagnostic Medical Imaging (UDMI), a New York-based radiology practice, experienced a significant data breach on November 26, 2024. The Fog ransomware group claimed responsibility, stating they stole personal information from over 138,000 individuals.
UDMI’s data security incident notice confirmed unauthorized access to their internal network. Their investigation, aided by cybersecurity experts, revealed that the compromised data included names, addresses, dates of birth, referring physician information, and medical treatment and diagnosis details.
The firm filed a report with the U.S. Department of Health and Human Services Office for Civil Rights, identifying at least 138,080 impacted individuals. This emphasizes the devastating consequences of successful ransomware attacks against healthcare providers.
The Extent of the Data Breach and Fog Ransomware’s Methods
“The investigation determined that certain UDMI information was accessed without authorization for a limited amount of time on November 26, 2024. Therefore, UDMI initiated a comprehensive review to determine the information and individuals potentially impacted,” UDMI stated.
While UDMI hasn’t found evidence of data misuse, they advise affected individuals to monitor their accounts and credit reports. They also reported the incident to law enforcement.
Fog ransomware, a relatively new group, claimed responsibility, posting details on their data leak site. They claim possession of 28.1GB of data, including patient contacts and healthcare documents.
🚨 Fog Ransomware Alert 🚨
University Diagnostic Medical Imaging, PC 🇺🇸
📢 University Diagnostic Medical Imaging, PC, an American full-service diagnostic radiology facility located in the Bronx, NY, has fallen victim to Fog ransomware.
🔍 Key Details:
💾 Size: 28.1 GB
🗒… pic.twitter.com/55ZBLDdMfe
— FalconFeeds.io (@FalconFeedsio) March 13, 2025
According to Darktrace, Fog first appeared in May 2024, primarily targeting US educational institutions by exploiting compromised VPN credentials. The group uses advanced techniques, including disabling security software like Windows Defender and employing tools like Advanced Port Scanner, LOLBins, SharpShares, and SoftPerfect Network Scanner to gather data.
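As an added example (not from UDMI, Darktrace, or the original article), the following Python detection logic flags a host where one of the scanning tools named above runs within an hour of a Windows Defender protection being switched off. The default executable names, the pipe-delimited log format, the one-hour window, and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Default executable names of the tools named above (assumption: binaries
# can be renamed, so this list is a starting point, not complete coverage).
RECON_TOOLS = {
    "advanced_port_scanner.exe": "Advanced Port Scanner",
    "netscan.exe": "SoftPerfect Network Scanner",
    "sharpshares.exe": "SharpShares",
}
# Lower-cased command-line fragments that switch off Defender protections.
DEFENDER_TAMPER = ("disablerealtimemonitoring", "disableantispyware")
WINDOW = timedelta(hours=1)  # assumed correlation window

def parse(line):
    """Split a 'timestamp|host|image|command line' record (constructed format)."""
    ts, host, image, cmd = line.split("|", 3)
    return datetime.fromisoformat(ts), host, image.lower(), cmd.lower()

def correlate(lines):
    """Return (host, tool) alerts where a recon tool follows Defender tampering."""
    last_tamper = {}  # host -> time of the latest tamper event
    alerts = []
    for ts, host, image, cmd in sorted(map(parse, lines)):
        if any(frag in cmd for frag in DEFENDER_TAMPER):
            last_tamper[host] = ts
        tool = RECON_TOOLS.get(image.rsplit("\\", 1)[-1])
        if tool and host in last_tamper and ts - last_tamper[host] <= WINDOW:
            alerts.append((host, tool))
    return alerts

# Constructed sample process-creation events, not taken from the UDMI incident.
SAMPLE = [
    r"2025-01-15T02:10:00|HOST-A|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|Set-MpPreference -DisableRealtimeMonitoring $true",
    r"2025-01-15T02:25:00|HOST-A|C:\Users\Public\netscan.exe|netscan.exe",
    r"2025-01-15T02:40:00|HOST-A|C:\Users\Public\SharpShares.exe|SharpShares.exe",
    # Scanner use with no prior tampering on that host: not alerted.
    r"2025-01-15T09:00:00|HOST-B|C:\Tools\advanced_port_scanner.exe|advanced_port_scanner.exe",
    # Same host as the tamper event, but outside the window: not alerted.
    r"2025-01-15T11:00:00|HOST-A|C:\Users\Public\netscan.exe|netscan.exe",
]

if __name__ == "__main__":
    for host, tool in correlate(SAMPLE):
        print(f"ALERT {host}: {tool} ran within {WINDOW} of Defender tampering")
```

Correlating the two signals keeps routine administrator use of a network scanner from alerting on its own, while the tamper event by itself is still worth reviewing separately.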
Responding to the Breach and Strengthening Cybersecurity
“In response to this incident, we worked with third-party specialists to investigate and implement additional security precautions. We also notified law enforcement, and we are reviewing our policies and procedures related to data protection,” UDMI stated.
This response is crucial in mitigating the impact of a data breach. However, the incident underscores the need for more comprehensive preventative measures. Fog's use of sophisticated tools highlights the importance of proactive security measures and continuous monitoring to detect and respond to threats effectively.
Incident response planning is also vital in minimizing the impact of potential breaches, as is understanding the threat landscape and staying informed about emerging ransomware tactics.