SimonMed Imaging Pwned By Medusa
Comparitech has reported that SimonMed Imaging confirmed over the weekend that 1,275,669 people were affected by its January 2025 data breach, which was claimed by the ransomware gang Medusa along with a $1 million ransom demand.
Rebecca Moody, Head of Data Research at Comparitech, has this comment:
“This attack on SimonMed Imaging becomes the second-largest data breach on a healthcare company this year (via ransomware). Overall, we’ve noted 96 attacks on healthcare providers (worldwide) this year with over 8.7 million records breached across these attacks. The average ransom across these attacks has been $660,000, putting Medusa’s demand of $1 million from SimonMed well above average.
The attack also highlights our recent findings that healthcare providers are facing an increased threat of attacks via the third parties they use to carry out certain services. In the case of SimonMed Imaging, it appears that this attack was successful due to a breach of one of its vendors. With such highly sensitive data on offer, healthcare organizations remain a key target for hackers and even those with the most robust of cybersecurity practices can still find themselves at the center of devastating breaches due to attacks via the third parties they use.”
Ensar Seker, CISO at SOCRadar, follows with this comment:
“The SimonMed breach illustrates the perfect storm we often fear in healthcare cybersecurity: a long dwell time, a wide scope of compromised data, and a ransomware group bold enough to publicize both the theft and ransom demand. Attacks like this are not just about health records; they compromise full digital identities, from SSNs to login credentials, and create cascading risks of identity theft, insurance fraud, and even social engineering attacks on hospitals or insurers.
What’s especially troubling here is the theft of authentication credentials, which could be weaponized for secondary attacks or network persistence.
This attack isn’t a good one. And I have the feeling that this one will have far-reaching effects for some time to come. By that I mean months or even years.
Healthcare organizations remain attractive targets because of their sensitive datasets, complex third-party ecosystems, and historically underfunded cybersecurity operations. Ransomware gangs like Medusa don’t just want to encrypt but they want to extract maximum leverage by exfiltrating and publishing stolen data. This reinforces the urgent need for real-time anomaly detection, segmented architectures, and a zero-trust posture across healthcare networks. It’s also a wake-up call that disclosure timelines must improve; weeks of unauthorized access is far too long in any sector, but in healthcare, it’s catastrophic.”
This entry was posted on October 13, 2025 at 3:43 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.