SimonMed Imaging, one of the largest outpatient radiology providers in the U.S., has fallen victim to a major cyberattack that compromised sensitive data belonging to over 1.2 million people.
According to a report filed with the Office of the Maine Attorney General, the incident began in late January 2025, when one of SimonMed’s vendors reported a potential security breach. A day later, SimonMed noticed suspicious activity on its own systems and moved quickly to contain the threat, resetting passwords, enabling two-factor authentication, and cutting off vendor access.
Unfortunately, the measures came too late. Between January 21 and February 5, attackers had already exfiltrated a massive trove of personal information. The company confirmed that stolen data included names and other identifying details, but ransomware group Medusa later claimed it also took 212GB of files, including patient IDs, payment information, medical reports, and raw scan images.
The group allegedly demanded $1 million to delete the data, or $10,000 per day to delay public release. The listing has since disappeared from Medusa’s leak site, sparking speculation that SimonMed may have paid the ransom even though the company has not confirmed this. SimonMed has notified regulators and brought in external cybersecurity experts to investigate. Affected patients are being offered free identity theft protection and credit monitoring through Experian.