SimonMed Imaging Data Breach
 
In early 2025, SimonMed Imaging, one of the largest outpatient medical imaging providers in the United States, suffered a major data breach that exposed the personal and medical information of more than 1.2 million patients. The incident was linked to a cyberattack discovered in late January 2025. While operations continued without major disruption, investigators later confirmed that sensitive information was accessed and possibly stolen. The attackers are believed to be associated with the Medusa ransomware group.
Overview
SimonMed is known for affordable imaging services and the use of advanced AI technologies in radiology. The breach came to light in late January 2025, and a subsequent investigation determined that attackers accessed files containing patient information. The company later confirmed to U.S. regulators that approximately 1,275,669 individuals were affected.
How It Happened
The timeline began around January 21, 2025, when suspicious activity was detected. On January 27, one of SimonMed’s technology vendors alerted the company to potential unauthorized access. Investigators found that cybercriminals infiltrated systems through the end of January into early February. Although the attack did not result in widespread system encryption, the threat actors claimed they exfiltrated over 200 gigabytes of data and demanded a $1 million ransom.
As a precaution, SimonMed took certain systems offline and launched an internal and external forensic review. The company reported that files accessed by the attackers may have contained names and addresses, birth dates, medical record numbers, diagnostic and treatment data, health insurance details, and in some cases driver’s license numbers and limited financial information.
Risks
Healthcare data breaches are particularly harmful because they combine personal identity details with medical and insurance information, data that is highly valuable to criminals. Information exposed in a breach like this can be used for identity theft, medical fraud, and targeted phishing or social engineering. Even if stolen data is not misused immediately, it can circulate for years, creating long-term risk.
Recommendations
SimonMed reported strengthening security controls after the incident, including multifactor authentication, enhanced endpoint monitoring, and tighter third-party access. Affected patients were offered complimentary credit monitoring and identity protection services.
What you can do:
- Monitor your credit and bank statements and look for accounts or charges you don’t recognize.
- Consider a credit freeze or fraud alert to prevent new accounts from being opened in your name.
- Be cautious with emails or texts referencing the breach; avoid clicking links or sharing personal details.
- Change passwords and avoid reusing the same password across multiple sites.
- Enroll in the free identity protection offered by SimonMed if you received an eligibility notice.
If you believe your information may have been exposed, contact SimonMed’s support channels for guidance on available protections. Awareness and proactive monitoring are your best defenses, because unlike a password, personal and medical data cannot simply be changed once stolen.