
Medusa Group Data Breaches at SimonMed Imaging and Doctors Imaging Group

breach-disclosure-notification, healthcare-sector-threat, ransomware-group-operation, mass-credential-exposure, underground-data-leak
Updated March 21, 2026 at 03:44 PM (4 sources)

SimonMed Imaging and Doctors Imaging Group, two major radiology practices in the United States, have reported significant data breaches impacting nearly 1.5 million individuals. The cybercrime group known as Medusa has claimed responsibility for the attack on SimonMed Imaging, which occurred in January. Initially, SimonMed reported the breach to federal authorities with a placeholder estimate of 500 affected individuals, but later filings with the Maine attorney general revealed the true scope, with nearly 1.28 million patients impacted. The compromised data reportedly includes highly sensitive health information, such as a spreadsheet containing records of over 1 million mammograms performed by SimonMed. Medusa threatened to leak the stolen data on the dark web, escalating concerns about patient privacy and potential misuse of the information. The breach has already led to at least four proposed federal class action lawsuits against SimonMed, with plaintiffs alleging inadequate protection of patient data and highlighting the cybercriminal gang's public claims of exfiltrating 212 gigabytes of data. Doctors Imaging Group was also affected by a separate hacking incident, contributing to the total number of nearly 1.5 million individuals notified. Both organizations have begun notifying affected patients, as required by law, and are working with authorities to investigate the incidents. The attacks underscore the ongoing threat posed by ransomware and data extortion groups targeting healthcare providers, who often hold large volumes of sensitive personal and medical information. The Medusa group’s tactics include not only stealing data but also threatening public exposure to pressure victims into paying ransoms. The breach at SimonMed has drawn attention from regulators and the legal community, with scrutiny over the timeliness and accuracy of breach notifications. 
The incident highlights the importance of robust cybersecurity measures and incident response planning in the healthcare sector. Both radiology practices are likely to face increased regulatory oversight and potential financial penalties as investigations continue. The exposure of mammogram records and other health data raises significant concerns about patient safety, identity theft, and fraud. Healthcare organizations are being urged to review their security postures and ensure compliance with data protection regulations in light of these breaches. The Medusa group’s involvement in these attacks is part of a broader trend of cybercriminals targeting critical infrastructure and healthcare entities for financial gain.

Timeline

  1. Oct 13, 2025

    Two radiology practices disclose breaches affecting nearly 1.5 million people

    Two radiology practices reported separate hacking incidents that together affected nearly 1.5 million patients or individuals, according to the referenced coverage. The available references indicate public notification and disclosure of the breaches but provide no additional dated milestones.

Related Stories

Medusa Ransomware Attack and Data Breach at SimonMed Imaging

SimonMed Imaging, one of the largest outpatient medical imaging providers in the United States, experienced a significant data breach following a ransomware attack by the Medusa group. The incident resulted in unauthorized access to SimonMed’s systems between January 21 and February 5, 2025, as confirmed by both company statements and regulatory filings. The breach was initially discovered on January 27, 2025, after a vendor notified SimonMed of a security incident, prompting an immediate internal investigation. The attackers reportedly stole approximately 200 GB of data, impacting over 1.2 million individuals whose sensitive information was exposed. SimonMed Imaging provides a wide range of diagnostic services, including MRI, CT, X-ray, ultrasound, mammography, PET, nuclear medicine, bone density, and interventional radiology, and operates around 170 medical centers across 11 states. The compromised data includes names, addresses, birth dates, dates of service, and provider names, with the potential for even more sensitive medical information to have been accessed, given the nature of the business. In response to the breach, SimonMed took several remediation steps, such as resetting passwords, strengthening multi-factor authentication, implementing enhanced endpoint detection and response monitoring, removing direct vendor access, and restricting network traffic to trusted connections. The company also engaged data security and privacy professionals and notified law enforcement authorities. As of October 10, 2025, SimonMed stated there was no evidence that the stolen information had been misused for identity theft or fraud. The company emphasized that the investigation is ongoing to determine the full scope of the data affected. The breach highlights the persistent threat of ransomware attacks targeting healthcare organizations, which often store large volumes of sensitive patient data. 
SimonMed’s swift response included notifying affected individuals and regulatory bodies, as required by law. The Medusa ransomware group’s involvement underscores the increasing sophistication and impact of cybercriminal operations against critical healthcare infrastructure. The incident has raised concerns about third-party vendor security, as the initial alert came from an external partner experiencing its own security issues. SimonMed’s annual revenue exceeds $500 million, and the scale of this breach is among the largest in the healthcare sector for 2025. The company continues to monitor for any signs of misuse of the compromised data and is providing support to affected individuals. This event serves as a stark reminder of the importance of robust cybersecurity measures and incident response planning in the healthcare industry.

1 month ago

Doctors Imaging Group Data Breach Exposes Sensitive Patient Information

Doctors Imaging Group, a Florida-based provider of medical scanning services such as MRI and X-ray imaging, experienced a significant data breach in November 2024 that resulted in the theft of sensitive information belonging to 171,862 patients. The breach was not publicly disclosed until nearly a year later, after the company completed its internal investigation on August 29, 2025, and subsequently notified the Department of Health and Human Services. The compromised data included a wide range of personally identifiable information (PII), such as names, addresses, dates of birth, and Social Security numbers. In addition to PII, the attackers accessed financial account numbers and types, patient account numbers, medical record numbers, health insurance details, and information related to medical treatments and insurance claims. The nature of the attack has not been specified by Doctors Imaging Group, and no known ransomware group or cybercrime operation has claimed responsibility for the incident. The breach was discovered after suspicious activity was detected on the network, prompting a swift response from the organization to investigate and secure their systems. Federal law enforcement and relevant regulatory authorities were notified as part of the incident response process. Affected individuals were informed via mailed letters, provided their address information was available, and the company has committed to reviewing and enhancing its cybersecurity policies and tools to prevent future incidents. The breach is notable for the breadth and sensitivity of the data exposed, which could be exploited for identity theft, financial fraud, or insurance fraud. The incident occurred during a period when several other healthcare organizations in the region, including Medical Associates of Brevard and Wayne Memorial Hospital, also reported significant data breaches, highlighting a broader trend of cyberattacks targeting the healthcare sector. 
Despite the scale of the breach, there is no public evidence that the stolen data has been misused or leaked by the attackers as of the time of disclosure. The delay in notification has raised concerns about the timeliness of breach disclosures in the healthcare industry, especially given the potential risks to affected patients. Doctors Imaging Group has reiterated its commitment to information security and is taking steps to strengthen its defenses in response to the incident. The breach underscores the ongoing vulnerability of healthcare providers to cyberattacks and the critical importance of robust data protection measures. Patients affected by the breach are advised to monitor their financial and medical accounts for signs of misuse. The incident serves as a reminder of the high value of medical and financial data on the black market and the persistent threat posed by cybercriminals to the healthcare sector.

1 month ago

Recent Data Breaches at U.S. Healthcare Providers

Multiple U.S. healthcare organizations have recently disclosed data breaches resulting from unauthorized access to sensitive patient information. Expert MRI, a radiology provider in California, reported that an attacker accessed its network between June and August 2025, exfiltrating data such as names, addresses, dates of birth, diagnoses, and, for some, Social Security numbers. The PEAR threat group claimed responsibility and briefly listed stolen data on its leak site, suggesting a ransom may have been paid. Revere Health in Utah experienced a breach of a third-party payment platform, potentially exposing patient names, dates of birth, addresses, medical record numbers, and partial Social Security numbers, though no evidence of misuse was found. Health Management Systems of America in Michigan disclosed a breach after an employee fell victim to a spear phishing attack, resulting in the unauthorized download of emails containing patient data. These incidents highlight the ongoing risks faced by healthcare organizations from both targeted ransomware groups and opportunistic phishing attacks. In response, affected providers have reported the breaches to regulators, enhanced their cybersecurity measures, and offered credit monitoring to impacted individuals. The number of affected patients varies by incident, with Revere Health reporting up to 10,800 impacted and Expert MRI yet to disclose a total. The breaches underscore the importance of robust security practices and employee awareness training to mitigate the risk of data compromise in the healthcare sector.

1 month ago
