Medusa ransomware group demands $1M from SimonMed Imaging

SimonMed Imaging, Arizona, has confirmed a ransomware attack by the Medusa group. The attackers claim to have stolen 212 GB of protected health information (PHI) and are demanding a $1 million ransom. 

 

What happened

The Medusa ransomware group recently targeted SimonMed Imaging, a radiology practice based in Scottsdale, Arizona. The attackers claim to have stolen 212 GB of PHI, including medical records, corporate emails, diagnostic images, and Social Security numbers. 

Medusa has posted 45 proof files on its dark web leak site and is demanding a $1 million ransom, with a deadline set for February 21, 2025. Despite the attack, SimonMed Imaging has stated that no files were encrypted, and all clinical systems remain secure.

 

Going deeper

The company confirmed the security breach last Thursday, noting that the attack was identified and interrupted before any data was encrypted. Some systems were temporarily taken offline to contain the threat, leading to minor operational slowdowns. Palo Alto Networks' Unit 42 has been enlisted to assess and enhance security measures.

 

What was said

In an interview with Radiology Business, Jenna Lloyd, SimonMed Imaging’s chief marketing officer, stated, “To immediately contain the situation, we temporarily took some systems offline, resulting in some operational slowdowns… We are fully operational, as we immediately remediated and contained the situation.”

 

Why it matters

The attack on SimonMed Imaging is part of a larger pattern, with similar incidents at Pinehurst Radiology Associates and University Diagnostic Medical Imaging. As these ransomware attacks increase, they compromise patient data security and operational stability. 

 

The bottom line

While SimonMed was able to contain the attack without operational shutdowns, the data breach could still have long-term implications for the organization and affected individuals. Ultimately, healthcare organizations must improve their cybersecurity and stay vigilant as cybercriminals continue to target medical data for ransom. 

 

FAQs

What is a ransomware attack?

Ransomware attacks are a type of cyberattack in which hackers gain unauthorized access to a computer, encrypt its data, and demand payment in exchange for restoring access to that data.

Hackers often target sensitive information like personal, financial, or healthcare data, crippling the victim's operations until the ransom is paid or the data is recovered by other means. 

Ransomware typically spreads through phishing emails, malicious links, or software vulnerabilities, exploiting weak cybersecurity defenses. Even after paying the ransom, victims are not guaranteed data recovery. 

 

What is a data breach?

A breach occurs when an unauthorized party accesses, uses, or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.

 

How can healthcare organizations prevent breaches?

They can adopt multi-factor authentication, regular audits, employee training, and advanced encryption methods to protect patient data.
