Hackers leak medical reports after breach hits 1.2M patients

More than one million patients have been affected by a data breach involving SimonMed Imaging, one of the country’s largest outpatient radiology and medical imaging providers. The breach came to light after a cyberattack compromised sensitive patient data, with reports indicating that ransomware operators may have been behind the incident. What makes this case particularly concerning is the scale of the attack and the type of information stolen, which could easily be misused for financial or identity fraud.

What happened at SimonMed Imaging

In January 2025, SimonMed Imaging was alerted by one of its vendors about a potential security incident. The following day, the company noticed suspicious activity on its own network. The company says in response, it reset passwords, enforced two-factor authentication, and tightened endpoint security while cutting off third-party vendor access.

Unfortunately, the attackers had already gained access. Between January 21 and February 5, 2025, cybercriminals exfiltrated sensitive data belonging to around 1.2 million individuals. The Medusa ransomware group later claimed responsibility, alleging they had stolen more than 200 GB of data, including patient IDs, financial records, and medical scans.

The attackers reportedly demanded 1 million dollars to delete the stolen files, or 10,000 dollars per day to delay publishing. SimonMed was later removed from the Medusa leak site, which could suggest a ransom payment, although the company has not confirmed this. In the aftermath, SimonMed brought in cybersecurity experts to investigate and has offered complimentary credit monitoring services to affected individuals.

What data got exposed in the SimonMed breach

While SimonMed’s official filing described the exposed data as names and other data elements, the ransomware group’s claims suggest a much broader leak. According to the attackers, the stolen dataset included identity documents, payment details, medical reports, account balances, and raw imaging scans (via BleepingComputer).

Such information is extremely valuable on dark web marketplaces. Identity details and medical records are often sold in bulk to fraud operators who use them to commit financial scams, insurance fraud, or obtain prescription drugs. Medical breaches are harder to recover from because you cannot reset or replace a medical history or a government ID scan the same way you can change a password.

We reached out to SimonMed for comment, but did not hear back before our deadline.

7 steps you can take to stay protected

Even though the company is offering free credit monitoring, leaked data often circulates long after an incident is closed publicly. That is why it is important to take additional precautions on your end to reduce the long-term impact of this breach and future-proof your personal security.

1) Use a data removal service

People-search sites collect personal records and make them publicly accessible. Data removal services handle outreach and removals on your behalf, which reduces your exposed footprint online. With less information easily available, it becomes harder for attackers to assemble a complete identity profile for scams.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Is your personal information exposed online?

Run a free scan to see if your personal info is compromised. Results arrive by email in about an hour.

2) Change your passwords and use a password manager

If you have ever interacted with SimonMed or any related platform, change your passwords immediately. Avoid reusing old passwords across different accounts. A password manager helps generate strong credentials and stores them securely so you do not have to remember them manually. This reduces the risk of one breach affecting multiple accounts.

Next, see if your email has been exposed in past breaches. Our #1 pick, NordPass, includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

3) Turn on two-factor authentication everywhere

Enabling 2FA adds an important layer of verification to your accounts. Even if someone gets hold of your password, they will not be able to log in without the code delivered to your phone or app. It is one of the simplest and most effective security upgrades you can make.

4) Install a trusted antivirus

Modern malware includes remote access tools and silent monitoring modules that can stay hidden before launching an attack. Strong antivirus software can detect unusual behavior, protect against ransomware, and alert you in real time if something attempts to access your data without permission. This is no longer just about traditional virus protection but active threat monitoring.

The best way to safeguard yourself from malicious links that install malware and potentially access your private information is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

5) Monitor your financial and medical statements

Regularly review your bank statements, insurance records, and medical billing activity. Cybercriminals often test stolen information with small, easily overlooked transactions before moving to larger fraud attempts. Catching and reporting these early can prevent a much bigger loss.

6) Consider an identity theft protection plan

Because breaches involving medical providers often expose sensitive identifiers, an identity protection service can be useful. These services scan dark web listings, alert you when your information appears in leaked databases, and assist with recovery if fraud occurs. Some plans include legal support and help with credit restoration.

Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

7) Stay informed and cautious

After a major breach, attackers often launch phishing campaigns that reference the affected company to appear legitimate. Be skeptical of emails or texts mentioning SimonMed or credit monitoring, especially if they request payment or personal verification. Staying aware of current scams and keeping your software updated adds a strong layer of defense.

Related Links:

• Browser extensions put millions of Google Chrome users at risk
• Medicare data breach exposes 100,000 Americans’ info
• Malware exposes 3.9 billion passwords in huge cybersecurity threat

Kurt’s key takeaway

The SimonMed Imaging breach is another reminder that cyberattacks on healthcare providers are becoming more frequent and far more invasive. Once data is taken, it can circulate indefinitely across criminal networks. Taking protective steps early, including monitoring your identity and reducing your exposed data online, can help you stay ahead of potential misuse.

Do you think healthcare providers are doing enough to protect your personal and medical data? Let us know in the comments below.

FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.