Hackers Strike Healthcare Firm – 1,275,669 People Told Names, Addresses, Health Records and Other Sensitive Records at Risk

A US-based healthcare firm just disclosed a data breach impacting more than 1.27 million patients after facing a cyberattack that appears to have compromised sensitive health and personal information.

According to a notice filed with the Maine Attorney General’s Office, the breach affected 1,275,669 individuals at Diagnostic imaging provider SimonMed Imaging nationwide.

SimonMed says the incident was first detected in January of this year, when unauthorized activity was identified within its computer systems.

A subsequent investigation confirmed that attackers accessed and potentially exfiltrated data before being contained.

The company is still reviewing affected files to identify all impacted individuals but early findings indicate the breach may have exposed and potentially stolen information such as names, addresses, birth dates, dates of service, provider names, medical record and patient numbers, medical conditions, diagnoses and treatments, medications, health insurance details and driver’s license numbers.

SimonMed has not confirmed the attackers’ identity or whether ransomware was involved. However, the Medusa ransomware group claimed responsibility, alleging it stole more than 212 gigabytes of data and demanded a $1 million ransom by February 21, 2025. At least one class action lawsuit has since been filed in connection with the incident.

SimonMed says it has strengthened its cybersecurity defenses following the breach, introducing enhanced multifactor authentication, password resets, endpoint monitoring and the removal of direct third-party vendor access to its systems. The company says additional safeguards will be implemented as the investigation continues.

Generated Image: Midjourney