SimonMed Imaging, a radiology practice based in Scottsdale, Arizona, has confirmed that it was impacted by a cybersecurity breach earlier this year, which exposed sensitive patient information through one of its vendors.
The incident, which took place in January 2025, was first detected on January 27, when a vendor alerted SimonMed to a security issue. Following the alert, SimonMed initiated a review of its systems and discovered suspicious activity within its network on January 28. Immediate containment efforts were launched, and a forensic investigation was initiated to assess the scope of the breach.
The investigation revealed that unauthorized access occurred between January 21 and February 5, 2025. While the review of affected files is still ongoing, preliminary findings suggest that the breach exposed various types of patient data, including personal identification information (names, addresses, birth dates), medical records (provider names, service dates, diagnosis/treatment details), and insurance information.
It is believed that multiple individuals’ data was compromised, with some potentially having sensitive information, such as driver’s license numbers and medication history, exposed.
In response to the breach, SimonMed has taken several steps to bolster its security infrastructure. These measures include strengthening multifactor authentication, resetting passwords, implementing advanced endpoint monitoring, and revoking third-party vendor access to the company’s internal systems. Additional technical safeguards are being introduced as the investigation progresses.
While SimonMed has not publicly disclosed the identity of the hacker group responsible, the Medusa ransomware group claimed credit for the attack, alleging that 212 GB of data had been compromised. Medusa also claimed to have demanded a $1 million ransom and set a February 21 deadline for payment. No official statement from SimonMed has confirmed whether ransomware was involved.
Currently, there is no information regarding the breach on the U.S. Department of Health and Human Services’ Office for Civil Rights breach portal, leaving the full extent of the affected individuals unknown. At least one class-action lawsuit has been filed against SimonMed in connection with the breach.