17th October 2025 Cyber Update: SimonMed Discloses 1.27M Patient Data Breach

SimonMed Imaging has confirmed a ransomware attack by the Medusa group, exposing the sensitive health and personal data of 1.27 million patients. The breach, which originated in January, highlights the severe risks posed by third-party vendor vulnerabilities in the healthcare sector.


Cyber News Centre's cyber update for 17th October 2025: SimonMed Imaging has confirmed a major data breach that exposed the personal and medical information of 1.27 million patients following a ransomware attack by the Medusa group.

SimonMed Imaging is one of the largest outpatient medical imaging providers and radiology practices in the United States, with approximately 170 facilities across 11 states.

The Update and Why It Matters

The Update: The incident, which began in late January 2025, involved unauthorised access to SimonMed's network for approximately two weeks. The Medusa ransomware group, which claimed responsibility on February 7, allegedly stole over 212 GB of data and demanded a $1 million ransom. The compromised information is extensive, including patient names, addresses, Social Security numbers, driver's license numbers, financial details, and a wide range of sensitive medical information such as diagnoses, treatments, and medications.

"Upon discovering we were the victim of a criminal attack, we immediately began an investigation and took steps to contain the situation," SimonMed stated.

SimonMed began notifying affected individuals on October 10, nearly nine months after the initial intrusion. The company has stated it has no evidence the compromised information has been used for fraud, and is offering identity theft protection services to those affected. The breach was initiated through a compromised third-party vendor, highlighting the persistent threat of supply chain attacks in the healthcare sector.

Why it Matters: This breach is the second-largest ransomware-related incident in the US healthcare sector this year, demonstrating the relentless targeting of medical providers by cybercriminals. The exposure of such a vast and detailed dataset creates a significant risk of identity theft, sophisticated phishing campaigns, and other fraudulent activities for the 1.27 million affected patients.

The nine-month delay between the breach and public notification raises serious questions about transparency and the effectiveness of breach disclosure regulations. For the broader healthcare industry, this incident serves as a stark reminder of the critical need for robust third-party risk management and comprehensive security measures to protect against supply chain vulnerabilities.

