More than 1 million patients have been affected by a data breach involving SimonMed Imaging, one of the country’s largest outpatient radiology and medical imaging providers. The breach came to light after a cyberattack compromised sensitive patient data, with reports indicating that ransomware operators may have been behind the incident. What makes this case particularly concerning is the scale of the attack and the type of information stolen, which could easily be misused for financial or identity fraud.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
In January 2025, SimonMed Imaging was alerted by one of its vendors about a potential security incident. The following day, the company noticed suspicious activity on its own network. The company says in response, it reset passwords, enforced two-factor authentication and tightened endpoint security while cutting off third-party vendor access.
Unfortunately, the attackers had already gained access. Between Jan. 21 and Feb. 5, 2025, cybercriminals exfiltrated sensitive data belonging to around 1.2 million individuals. The Medusa ransomware group later claimed responsibility, alleging they had stolen more than 200 GB of data, including patient IDs, financial records and medical scans.
DISCORD CONFIRMS VENDOR BREACH EXPOSED USER IDS IN RANSOM PLOT
SimonMed Imaging discovered suspicious network activity in January 2025, prompting an immediate security response and system lockdown. (Kurt "CyberGuy" Knutsson)
The attackers reportedly demanded 1 million dollars to delete the stolen files, or 10,000 dollars per day to delay publishing. SimonMed was later removed from the Medusa leak site, which could suggest a ransom payment, although the company has not confirmed this. In the aftermath, SimonMed brought in cybersecurity experts to investigate and has offered complimentary credit monitoring services to affected individuals.
COLUMBIA UNIVERSITY DATA BREACH HITS 870,000 PEOPLE
Hackers linked to the Medusa ransomware group stole data from 1.2 million patients, including IDs, financial details and medical scans. (Kurt "CyberGuy" Knutsson)
While SimonMed’s official filing described the exposed data as names and other data elements, the ransomware group’s claims suggest a much broader leak. According to the attackers, the stolen dataset included identity documents, payment details, medical reports, account balances and raw imaging scans (via BleepingComputer).
Such information is extremely valuable on dark web marketplaces. Identity details and medical records are often sold in bulk to fraud operators who use them to commit financial scams, insurance fraud, or obtain prescription drugs. Medical breaches are harder to recover from because you cannot reset or replace a medical history or a government ID scan the same way you can change a password.
We reached out to SimonMed for comment, but did not hear back before our deadline.
DELIVERY GIANT’S DATA BREACH EXPOSES 40,000 PERSONAL RECORDS
After the breach, SimonMed hired cybersecurity experts, tightened defenses and offered free credit monitoring to affected individuals. (Kurt "CyberGuy" Knutsson)
Even though the company is offering free credit monitoring, leaked data often circulates long after an incident is closed publicly. That is why it is important to take additional precautions on your end to reduce the long-term impact of this breach and future-proof your personal security.
People-search sites collect personal records and make them publicly accessible. Data removal services handle outreach and removals on your behalf, which reduces your exposed footprint online. With less information easily available, it becomes harder for attackers to assemble a complete identity profile for scams.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
NEARLY A MILLION PATIENTS HIT BY DAVITA DIALYSIS RANSOMWARE ATTACK
If you have ever interacted with SimonMed or any related platform, change your passwords immediately. Avoid reusing old passwords across different accounts. A password manager helps generate strong credentials and stores them securely so you do not have to remember them manually. This reduces the risk of one breach affecting multiple accounts.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
Enabling 2FA adds an important layer of verification to your accounts. Even if someone gets hold of your password, they will not be able to log in without the code delivered to your phone or app. It is one of the simplest and most effective security upgrades you can make.
Modern malware includes remote access tools and silent monitoring modules that can stay hidden before launching an attack. Strong antivirus software can detect unusual behavior, protect against ransomware and alert you in real time if something attempts to access your data without permission. This is no longer just about traditional virus protection but active threat monitoring.
The best way to safeguard yourself from malicious links that install malware and potentially access your private information is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
Regularly review your bank statements, insurance records and medical billing activity. Cybercriminals often test stolen information with small, easily overlooked transactions before moving to larger fraud attempts. Catching and reporting these early can prevent a much bigger loss.
Because breaches involving medical providers often expose sensitive identifiers, an identity protection service can be useful. These services scan dark web listings, alert you when your information appears in leaked databases and assist with recovery if fraud occurs. Some plans include legal support and help with credit restoration.
Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.
After a major breach, attackers often launch phishing campaigns that reference the affected company to appear legitimate. Be skeptical of emails or texts mentioning SimonMed or credit monitoring, especially if they request payment or personal verification. Staying aware of current scams and keeping your software updated adds a strong layer of defense.
CLICK HERE TO GET THE FOX NEWS APP
The SimonMed Imaging breach is another reminder that cyberattacks on healthcare providers are becoming more frequent and far more invasive. Once data is taken, it can circulate indefinitely across criminal networks. Taking protective steps early, including monitoring your identity and reducing your exposed data online, can help you stay ahead of potential misuse.
Do you think healthcare providers are doing enough to protect your personal and medical data? Let us know by writing to us at Cyberguy.com
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
IN TODAY’S NEWSLETTER: - Robby Starbuck on why he sued Google: 'Outrageously false’ information through…
Spotify is rolling out a major update for parents who want more control over what…
It starts with something small, a text that feels oddly familiar. Maybe it says, "Hey,…
One day, we might see glowing cities of glass scattered across the Moon's surface, shining…
Malware targeting Android devices has grown increasingly sophisticated. From fake banking apps to phishing campaigns,…
AURORA, Colo. – Police departments across the country are turning to virtual reality training to…