Hackers steal medical records, financial data of 1.2 million patients in massive healthcare breach


More than 1 million patients have been affected by a data breach involving SimonMed Imaging, one of the largest outpatient radiology and medical imaging providers in the country. The breach came to light after a cyberattack compromised sensitive patient data, with reports indicating that ransomware operators may have been behind the incident. What makes this case particularly concerning is the scale of the attack and the type of information stolen, which could easily be misused for financial or identity fraud.

What happened at SimonMed Imaging?

In January 2025, one of its vendors alerted SimonMed Imaging about a potential security incident. The next day, the company noticed suspicious activity on its own network. The company says that, in response, it reset passwords, enforced two-factor authentication and beefed up endpoint security while cutting off access to third-party vendors.

Unfortunately, the attackers had already gained access. Between January 21 and February 5, 2025, cybercriminals exfiltrated sensitive data belonging to around 1.2 million people. The Medusa ransomware group later claimed responsibility, saying it had stolen more than 200GB of data, including patient IDs, financial records, and medical scans.

SimonMed Imaging discovered suspicious network activity in January 2025, prompting an immediate security response and system crash. (Kurt “CyberGuy” Knutsson)

The attackers reportedly demanded $1 million to delete the stolen files, or $10,000 per day to delay publication. SimonMed was later removed from the Medusa leak site, which could suggest a ransom payment, although the company has not confirmed this. SimonMed subsequently hired cybersecurity experts to investigate and offered free credit monitoring services to affected individuals.

Hackers linked to the Medusa ransomware group stole data from 1.2 million patients, including IDs, financial details and medical scans. (Kurt “CyberGuy” Knutsson)

What data was exposed in the SimonMed leak

While SimonMed’s official filing described the exposed data as names and other data elements, the ransomware group’s claims suggest a much broader leak. According to the attackers, the stolen data set included ID documents, payment details, medical reports, account balances, and raw image scans (via BleepingComputer).

This information is extremely valuable on dark web markets. Identity details and medical records are often sold wholesale to fraud operators who use them to commit financial scams, insurance fraud or obtain prescription drugs. Medical breaches are more difficult to recover from because you can’t reset or replace a medical record or government ID scan the same way you can change a password.

We reached out to SimonMed for comment but did not receive a response by deadline.

After the breach, SimonMed hired cybersecurity experts, beefed up defenses, and offered free credit monitoring to affected individuals. (Kurt “CyberGuy” Knutsson)

7 steps you can take to stay protected

Although the company offers free credit monitoring, leaked data often circulates long after an incident becomes public. That’s why it’s important to take extra precautions on your part to reduce the long-term impact of this breach and prepare your personal security for the future.

1) Use a data removal service

People search sites collect personal records and make them available to the public. Data removal services handle disclosure and removal on your behalf, reducing your exposed footprint online. With less information readily available, it is more difficult for attackers to create a complete identity profile for scams.

While no service can guarantee complete removal of your data from the internet, a data removal service is truly a smart choice. These services are not cheap, and neither is your privacy. They do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.

2) Change your passwords and use a password manager

If you have ever interacted with SimonMed or any related platform, please change your passwords immediately. Avoid reusing old passwords across different accounts. A password manager helps generate strong credentials and stores them securely so you don’t have to remember them manually. This reduces the risk of a breach affecting multiple accounts.

Next, check to see if your email has been exposed in previous breaches. Our #1 pick for password manager includes a built-in breach scanner that checks to see if your email address or passwords have appeared in known breaches. If you discover a match, immediately change any reused passwords and protect those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

3) Turn on two-factor authentication everywhere

Enabling 2FA adds an important layer of verification to your accounts. Even if someone gets your password, they won’t be able to log in without the code delivered to your phone or app. It is one of the simplest and most effective security upgrades you can make.

4) Install a powerful antivirus

Modern malware includes remote access tools and silent monitoring modules that can remain hidden before launching an attack. Powerful antivirus software can detect unusual behavior, protect against ransomware, and alert you in real time if something tries to access your data without permission. It’s no longer just about traditional antivirus protection, but about active threat monitoring.

The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2025 for your Windows, Mac, Android, and iOS devices at Cyberguy.com.

5) Monitor your financial and medical statuses

Periodically review your bank statements, insurance records, and medical billing activity. Cybercriminals often test stolen information with small, easily overlooked transactions before moving on to larger fraud attempts. Detecting and reporting them in time can prevent a much greater loss.

6) Consider an identity theft protection plan

Since breaches involving medical providers often expose sensitive identifiers, an identity protection service can be helpful. These services scan dark web listings, alert you when your information appears in leaked databases, and help you with recovery if fraud occurs. Some plans include legal support and help with credit restoration.

Identity theft companies can monitor personal information such as your social security number (SSN), phone number, and email address, and alert you if it is sold on the dark web or used to open an account. They can also help you freeze your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best options on how to protect yourself from identity theft at Cyberguy.com.

7) Stay informed and cautious

After a major breach, attackers often launch phishing campaigns that reference the affected company to make it appear legitimate. Be skeptical of emails or text messages that mention SimonMed or credit monitoring, especially if they ask for payment or personal verification. Being aware of current scams and keeping your software up to date adds a strong layer of defense.

Kurt’s Key Takeaway

The SimonMed Imaging breach is another reminder that cyberattacks on healthcare providers are becoming more frequent and much more invasive. Once the data is taken, it can circulate indefinitely through criminal networks. Taking protective measures ahead of time, including monitoring your identity and reducing your data exposure online, can help you stay ahead of potential misuse.

Do you think healthcare providers are doing enough to protect your medical and personal data? Let us know by writing to us at Cyberguy.com.

Copyright 2025 CyberGuy.com. All rights reserved.
