







On January 27, 2025, SimonMed Imaging was alerted by one of its vendors that they were experiencing a security incident. The following day, January 28, SimonMed Imaging discovered suspicious activity on its own network.
Upon investigation, the company confirmed that it had been targeted by a ransomware attack conducted by the cybercriminal group MEDUSA. The unauthorized access to SimonMed Imaging's systems occurred between January 21, 2025, and February 5, 2025.
The MEDUSA ransomware group claims to have obtained approximately 212.616 GB of SimonMed Imaging's data and has threatened to publish this information within 14-15 days. Sample screenshots of the stolen data have already been provided on the group's dark web portal on the Tor network.
According to a disclosure filed with the Maine Attorney General, a total of 1,275,669 people are affected by the breach.
The cyberattack compromised both personally identifiable information (PII) and protected health information (PHI). According to an updated Notice of Data Incident published on the SimonMed website, exposed information included names, addresses, dates of birth, Social Security numbers, driver's license or state ID numbers, dates of service, provider names, medical record numbers, patient numbers, medical conditions, diagnosis and/or treatment information, medical information, medical imaging, medications, health insurance information, financial account number, authentication credentials and biometric identifiers.
SimonMed first disclosed the data breach to the U.S. Department of Health and Human Services on March 27, 2025. Impacted individuals include both current and former patients.
The company has begun notifying affected individuals by mail. The cybersecurity incident was also reported to the California Attorney General's office, the Massachusetts Attorney General, the Vermont Attorney General and the Texas Attorney General between Oct. 10, 2025 and Oct. 14, 2025.
Upon discovering the breach, SimonMed Imaging took steps to protect its systems and data and notified law enforcement. Measures included resetting passwords, enhancing multi-factor authentication, implementing endpoint detection and response monitoring, removing all third-party vendor direct access to SimonMed's systems and limiting network traffic to only whitelisted sources.
The company is also offering impacted individuals free Experian IdentityWorks credit monitoring and identity restoration services.
If you receive notice from SimonMed Imaging or your provider about this breach, you may want to:
