SimonMed Confirms Medusa-Linked Breach Exposed Data of 1.27 Million Patients
SimonMed is no longer listed on Medusa’s leak site, a change reporters say can indicate negotiations.
Overview
- The radiology provider says hackers accessed its systems between January 21 and February 5; a vendor’s alert led to the discovery of suspicious activity on January 27–28.
- Files potentially accessed include personal identifiers, medical records and imaging, insurance details, government ID and Social Security numbers, financial account data, authentication credentials, and biometric identifiers.
- SimonMed reports no evidence of identity theft or fraud to date and is offering impacted individuals identity protection services through Experian.
- Medusa claimed responsibility in February, said it stole roughly 200–212 GB of data, posted sample files as proof, and demanded a $1 million ransom, plus $10,000 per day for extensions.
- The company reset credentials, strengthened multifactor authentication, deployed endpoint detection and response, restricted third‑party access, and notified law enforcement while continuing its investigation.