SimonMed Imaging Data Breach Compromises Social Security Numbers

On January 27, 2025, SimonMed Imaging was alerted by one of its vendors that they were experiencing a security incident. The following day, January 28, SimonMed Imaging discovered suspicious activity on its own network.

Upon investigation, the company confirmed that it had been targeted by a ransomware attack conducted by the cybercriminal group MEDUSA. The unauthorized access to SimonMed Imaging's systems occurred between January 21, 2025, and February 5, 2025.

The MEDUSA ransomware group claims to have obtained approximately 212.616 GB of SimonMed Imaging's data and has threatened to publish this information within 14-15 days. Sample screenshots of the stolen data have already been provided on the group's dark web portal on the Tor network.

The investigation into the breach is still ongoing, and the full number of individuals affected is not yet known. However, SimonMed Imaging has identified that the compromised systems potentially contained both personally identifiable information (PII) and protected health information (PHI).

The exposed data may include names, addresses, birthdates, driver's license numbers, health insurance information, medical record numbers, patient numbers, medical conditions, diagnosis and treatment details, medications, dates of service, and provider names.

SimonMed Imaging has provided a detailed notice of the data incident on its website.

SimonMed Imaging's response

Upon discovering the breach, SimonMed Imaging took several steps to protect its systems and data. These measures included resetting passwords, enhancing multi-factor authentication, implementing endpoint detection and response monitoring, removing all third-party vendor direct access to SimonMed's systems, limiting network traffic to only whitelisted sources, notifying law enforcement, and engaging data security and privacy professionals to assist with the investigation.

The company continues to work closely with leading privacy and security firms and has reported this incident to relevant government agencies. To help individuals protect themselves, SimonMed Imaging recommends that potentially affected individuals remain vigilant against incidents of identity theft and fraud. The company advises reviewing account statements, explanation of benefits forms, and monitoring free credit reports for any suspicious activity.

Individuals can obtain a free annual credit report from each of the three major credit reporting bureaus by visiting AnnualCreditReport.com or by calling 1-877-322-8228. Additionally, SimonMed Imaging has provided contact information for the three major credit bureaus—Equifax, Experian, and TransUnion—for affected individuals to place fraud alerts or security freezes on their credit files.

If you have further questions or concerns about this data breach, SimonMed Imaging has established a dedicated assistance line available Monday through Friday from 8:00 AM to 5:00 PM AZ time at 602-688-6116.

For more information about SimonMed Imaging, visit their official website at simonmed.com.