Doctors Imaging Group Data Breach Exposes Sensitive Patient Information
Doctors Imaging Group, a Florida-based provider of medical scanning services such as MRI and X-ray imaging, experienced a significant data breach in November 2024 that resulted in the theft of sensitive information belonging to 171,862 patients. The breach was not publicly disclosed until nearly a year later, after the company completed its internal investigation on August 29, 2025, and subsequently notified the Department of Health and Human Services. The compromised data included a wide range of personally identifiable information (PII), such as names, addresses, dates of birth, and Social Security numbers. In addition to PII, the attackers accessed financial account numbers and types, patient account numbers, medical record numbers, health insurance details, and information related to medical treatments and insurance claims. The nature of the attack has not been specified by Doctors Imaging Group, and no known ransomware group or cybercrime operation has claimed responsibility for the incident. The breach was discovered after suspicious activity was detected on the network, prompting a swift response from the organization to investigate and secure their systems. Federal law enforcement and relevant regulatory authorities were notified as part of the incident response process. Affected individuals were informed via mailed letters, provided their address information was available, and the company has committed to reviewing and enhancing its cybersecurity policies and tools to prevent future incidents. The breach is notable for the breadth and sensitivity of the data exposed, which could be exploited for identity theft, financial fraud, or insurance fraud. The incident occurred during a period when several other healthcare organizations in the region, including Medical Associates of Brevard and Wayne Memorial Hospital, also reported significant data breaches, highlighting a broader trend of cyberattacks targeting the healthcare sector. Despite the scale of the breach, there is no public evidence that the stolen data has been misused or leaked by the attackers as of the time of disclosure. The delay in notification has raised concerns about the timeliness of breach disclosures in the healthcare industry, especially given the potential risks to affected patients. Doctors Imaging Group has reiterated its commitment to information security and is taking steps to strengthen its defenses in response to the incident. The breach underscores the ongoing vulnerability of healthcare providers to cyberattacks and the critical importance of robust data protection measures. Patients affected by the breach are advised to monitor their financial and medical accounts for signs of misuse. The incident serves as a reminder of the high value of medical and financial data on the black market and the persistent threat posed by cybercriminals to the healthcare sector.
Timeline
Oct 7, 2025
Doctors Imaging Group determines patient data was stolen
After investigating the breach, Doctors Imaging Group concluded that patient information had been compromised. Reporting in October 2025 said more than 171,000 people were affected.
Dec 1, 2024
Doctors Imaging Group suffers cyberattack
Doctors Imaging Group was attacked in late 2024, beginning an incident that disrupted the medical imaging business and led to a later investigation into possible data theft. The attack occurred roughly 10 months before the October 2025 reporting.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
Related Stories
Medusa Group Data Breaches at SimonMed Imaging and Doctors Imaging Group
SimonMed Imaging and Doctors Imaging Group, two major radiology practices in the United States, have reported significant data breaches impacting nearly 1.5 million individuals. The cybercrime group known as Medusa has claimed responsibility for the attack on SimonMed Imaging, which occurred in January. Initially, SimonMed reported the breach to federal authorities with a placeholder estimate of 500 affected individuals, but later filings with the Maine attorney general revealed the true scope, with nearly 1.28 million patients impacted. The compromised data reportedly includes highly sensitive health information, such as a spreadsheet containing records of over 1 million mammograms performed by SimonMed. Medusa threatened to leak the stolen data on the dark web, escalating concerns about patient privacy and potential misuse of the information. The breach has already led to at least four proposed federal class action lawsuits against SimonMed, with plaintiffs alleging inadequate protection of patient data and highlighting the cybercriminal gang's public claims of exfiltrating 212 gigabytes of data. Doctors Imaging Group was also affected by a separate hacking incident, contributing to the total number of nearly 1.5 million individuals notified. Both organizations have begun notifying affected patients, as required by law, and are working with authorities to investigate the incidents. The attacks underscore the ongoing threat posed by ransomware and data extortion groups targeting healthcare providers, who often hold large volumes of sensitive personal and medical information. The Medusa group’s tactics include not only stealing data but also threatening public exposure to pressure victims into paying ransoms. The breach at SimonMed has drawn attention from regulators and the legal community, with scrutiny over the timeliness and accuracy of breach notifications. The incident highlights the importance of robust cybersecurity measures and incident response planning in the healthcare sector. Both radiology practices are likely to face increased regulatory oversight and potential financial penalties as investigations continue. The exposure of mammogram records and other health data raises significant concerns about patient safety, identity theft, and fraud. Healthcare organizations are being urged to review their security postures and ensure compliance with data protection regulations in light of these breaches. The Medusa group’s involvement in these attacks is part of a broader trend of cybercriminals targeting critical infrastructure and healthcare entities for financial gain.
1 months ago
Recent Data Breaches at U.S. Healthcare Providers
Multiple U.S. healthcare organizations have recently disclosed data breaches resulting from unauthorized access to sensitive patient information. Expert MRI, a radiology provider in California, reported that an attacker accessed its network between June and August 2025, exfiltrating data such as names, addresses, dates of birth, diagnoses, and, for some, Social Security numbers. The PEAR threat group claimed responsibility and briefly listed stolen data on its leak site, suggesting a ransom may have been paid. Revere Health in Utah experienced a breach of a third-party payment platform, potentially exposing patient names, dates of birth, addresses, medical record numbers, and partial Social Security numbers, though no evidence of misuse was found. Health Management Systems of America in Michigan disclosed a breach after an employee fell victim to a spear phishing attack, resulting in the unauthorized download of emails containing patient data. These incidents highlight the ongoing risks faced by healthcare organizations from both targeted ransomware groups and opportunistic phishing attacks. In response, affected providers have reported the breaches to regulators, enhanced their cybersecurity measures, and offered credit monitoring to impacted individuals. The number of affected patients varies by incident, with Revere Health reporting up to 10,800 impacted and Expert MRI yet to disclose a total. The breaches underscore the importance of robust security practices and employee awareness training to mitigate the risk of data compromise in the healthcare sector.
1 months ago
Multiple Healthcare Data Breaches Impacting U.S. Medical Providers
Several U.S. healthcare organizations have disclosed significant data breaches involving unauthorized access to patient and employee information. MedStar Health reported that an unauthorized third party accessed internal systems containing sensitive patient data, including names, dates of birth, Social Security numbers, and medical information. The Rhysida threat group claimed responsibility for this attack, alleging the exfiltration and leak of over 7 million pieces of patient data. Brevard Skin and Cancer Center also confirmed a cyberattack in which the Pear threat group claimed to have stolen 1.8 terabytes of data, affecting both patient and employee records with information such as Social Security numbers, health conditions, and billing details. Both organizations have offered complimentary credit monitoring and identity theft protection to affected individuals and are reviewing their cybersecurity measures. Henry Ford Health in Michigan disclosed an insider data breach affecting nearly 2,000 patients, resulting in the termination of the responsible employee and notification to those impacted. While details on the specific data accessed were not provided, credit monitoring services have been offered. These incidents highlight the ongoing risks faced by healthcare providers from both external threat actors and insider threats, emphasizing the need for robust security policies and continuous evaluation of protective measures to safeguard sensitive health information.
1 months ago