Massive Healthcare Data Breach Exposes 1.2 Million Patients
In one of the largest healthcare data breaches of 2025, hackers stole sensitive medical records and financial information from approximately 1.2 million patients at SimonMed Imaging, a major outpatient radiology provider. The Medusa ransomware group claimed responsibility for the attack, which compromised patient IDs, financial details, and medical scans between January 21 and February 5, 2025.
Key Takeaways
- 1.2 million patients affected by SimonMed Imaging data breach
- Medusa ransomware group stole 200+ GB of sensitive data
- Exposed information includes medical scans, IDs, and financial records
- Attackers demanded $1 million ransom to delete stolen files
How the SimonMed Breach Unfolded
SimonMed Imaging first learned about the security incident in January 2025 when one of its vendors alerted it to potential problems. The following day, the company detected suspicious activity on its own network and immediately implemented security measures including password resets, two-factor authentication, and tightened endpoint security.
Unfortunately, the response came too late. Cybercriminals had already infiltrated the systems and exfiltrated massive amounts of sensitive patient data over a two-week period.
What Information Was Stolen
While SimonMed’s official filing described the breach as exposing names and basic data elements, the ransomware group’s claims indicate a much more extensive compromise. According to the attackers, the stolen dataset included:
- Identity documents and government IDs
- Payment details and financial information
- Medical reports and account balances
- Raw medical imaging scans
This type of information is particularly valuable on dark web marketplaces, where medical records and identity documents are sold to fraud operators for financial scams, insurance fraud, and prescription drug abuse.
Medical breaches are harder to recover from because you cannot reset or replace a medical history or a government ID scan the same way you can change a password.
Protecting Yourself After the Breach
Even though SimonMed is offering complimentary credit monitoring services, affected patients should take additional precautions since leaked data often circulates long after the initial incident.
Essential Security Steps
1. Monitor Your Accounts Closely
Regularly review bank statements, insurance records, and medical billing activity. Cybercriminals often test stolen information with small transactions before attempting larger fraud.
2. Strengthen Your Digital Security
Change passwords for any accounts related to SimonMed or healthcare services. Enable two-factor authentication everywhere possible and consider using a password manager to generate strong, unique credentials.
3. Consider Identity Protection Services
Identity theft protection services can monitor dark web listings and alert you if your information appears in leaked databases. Some plans include legal support and credit restoration assistance.
4. Stay Vigilant Against Phishing
Be skeptical of emails or texts mentioning SimonMed or credit monitoring, especially if they request payment or personal verification. Attackers often reference recent breaches to make their scams appear legitimate.
The Bigger Picture
The SimonMed Imaging breach highlights the growing threat of cyberattacks on healthcare providers, which are becoming both more frequent and more invasive. Unlike financial data that can be changed, medical history and government identification documents represent permanent personal information that cannot be reset once compromised.
As healthcare organizations continue to digitize patient records, robust cybersecurity measures become increasingly critical to protect sensitive medical information from falling into the wrong hands.





