Critical Severity (Score: 10/10)

SimonMed Imaging HIPAA Breach: 1.3M Patients Hit by Ransomware


Breach Details

Entity: SimonMed Imaging
Individuals Affected: 1,275,669
State: AZ
Breach Type: Hacking/IT Incident
Location: Network Server
Date Reported: January 28, 2026
Entity Type: Healthcare Provider
Business Associate: No

SimonMed Imaging Suffers Massive HIPAA Data Breach Affecting 1.3 Million Patients

SimonMed Imaging, one of the nation's largest independent diagnostic imaging providers, has reported a devastating cyberattack to the Department of Health and Human Services that compromised the protected health information (PHI) of 1,275,669 patients. The breach, reported on January 28, 2026, represents one of the largest healthcare data security incidents in recent years and highlights the ongoing vulnerability of healthcare networks to sophisticated ransomware attacks.

What Happened

Between January 21 and February 5, 2025, the Medusa ransomware group successfully infiltrated SimonMed Imaging's network servers and computer systems. The attackers maintained unauthorized access to the healthcare provider's systems for over two weeks, during which time they allegedly exfiltrated more than 200 gigabytes of sensitive patient data.

The Arizona-based imaging center discovered the breach and has since been working with cybersecurity experts and law enforcement to investigate the full scope of the incident. SimonMed has operations across multiple states, providing diagnostic imaging services including MRI, CT scans, mammography, and other medical imaging procedures.

This attack follows a disturbing trend of ransomware groups specifically targeting healthcare organizations, which often struggle to balance accessibility of patient data with robust cybersecurity measures.

Who Is Affected

The breach impacts over 1.2 million individuals who received services from SimonMed Imaging. Affected patients include those who:

  • Underwent diagnostic imaging procedures at SimonMed facilities
  • Had their information stored on the compromised network servers
  • Received services during or prior to the attack timeframe

Patients across SimonMed's service areas in Arizona and other states where the company operates may be affected. The company is required to provide direct notification to all impacted individuals within 60 days of discovering the breach.

Breach Details

The Medusa ransomware group's attack on SimonMed's network servers resulted in the theft of extensive categories of protected health information, including:

Personal Identifiers:

  • Full names
  • Social Security numbers
  • Contact information

Medical Information:

  • Complete medical records
  • Medical diagnoses
  • Treatment information
  • Diagnostic imaging files and results

Financial Data:

  • Insurance information
  • Payment records
  • Billing details

The 200+ gigabytes of stolen data represents a treasure trove of information that cybercriminals can exploit for identity theft, medical fraud, and financial crimes. The inclusion of imaging files makes this breach particularly concerning, as these detailed medical records provide comprehensive health profiles of victims.

What This Means for Patients

Patients affected by this breach face multiple risks that could persist for years:

Identity Theft Risk: With Social Security numbers and personal information exposed, victims are at high risk for identity theft and fraudulent account creation.

Medical Identity Theft: Criminals can use stolen medical information to obtain fraudulent medical services, prescription drugs, or file false insurance claims.

Financial Fraud: Access to insurance and payment information enables fraudsters to submit fake claims or access financial accounts.

Privacy Violations: Sensitive medical diagnoses and imaging results represent deeply personal information that could be misused or sold on dark web marketplaces.

Long-term Monitoring Needs: The comprehensive nature of the stolen data means patients will need to monitor their credit, medical records, and insurance claims for potential fraud for years to come.

How to Protect Yourself

If you're a SimonMed Imaging patient, take these immediate steps:

Monitor Your Accounts:

  • Check credit reports from all three bureaus monthly
  • Review medical insurance statements for unfamiliar charges
  • Watch bank and credit card statements closely

Secure Your Identity:

  • Consider placing fraud alerts or credit freezes on your credit files
  • Monitor your Social Security Administration account for suspicious activity
  • Keep detailed records of all medical services you actually receive

Stay Vigilant:

  • Be suspicious of unexpected medical bills or insurance communications
  • Report any suspected fraud immediately to your insurance company
  • Watch for phishing emails or calls claiming to be from SimonMed or related to the breach

Document Everything:

  • Save all breach notifications and correspondence
  • Keep records of any monitoring services offered by SimonMed
  • Document any suspicious activity or potential fraud

Prevention Lessons for Healthcare Providers

The SimonMed breach offers critical lessons for healthcare organizations:

Network Segmentation: Isolating critical systems can limit the scope of successful attacks and prevent lateral movement by cybercriminals.

Advanced Threat Detection: Implementing AI-powered monitoring tools can help identify suspicious network activity before attackers can exfiltrate large amounts of data.

Regular Security Assessments: Comprehensive penetration testing and vulnerability assessments should be conducted regularly to identify and remediate security gaps.

Employee Training: Staff education on phishing, social engineering, and cybersecurity best practices remains crucial for preventing initial compromise.

Incident Response Planning: Having a tested incident response plan can minimize the time attackers have access to systems and reduce the scope of data theft.

Data Minimization: Healthcare providers should regularly audit what patient data they maintain and securely dispose of information that's no longer medically necessary.

The healthcare industry continues to be a prime target for cybercriminals due to the high value of medical information and the critical nature of healthcare operations. Organizations must prioritize cybersecurity investments and maintain robust HIPAA compliance programs to protect patient data and avoid costly breaches.

Source: This breach was reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Breach Portal. Data sourced from ocrportal.hhs.gov. Analysis and article generated by Sentinel Health Compliance.
