Hackers steal medical records and financial data from 1.2M patients in massive healthcare breach

Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM newsletter.

In January 2025, SimonMed Imaging was alerted by one of its vendors about a potential security incident. The following day, the company noticed suspicious activity on its own network. The company says in response, it reset passwords, enforced two-factor authentication and tightened endpoint security while cutting off third-party vendor access.

The attackers reportedly demanded 1 million dollars to delete the stolen files, or 10,000 dollars per day to delay publishing. SimonMed was later removed from the Medusa leak site, which could suggest a ransom payment, although the company has not confirmed this. In the aftermath, SimonMed brought in cybersecurity experts to investigate and has offered complimentary credit monitoring services to affected individuals.

While SimonMed's official filing described the exposed data as names and other data elements, the ransomware group's claims suggest a much broader leak. According to the attackers, the stolen dataset included identity documents, payment details, medical reports, account balances and raw imaging scans (via BleepingComputer).

Such information is extremely valuable on dark web marketplaces. Identity details and medical records are often sold in bulk to fraud operators who use them to commit financial scams, insurance fraud, or obtain prescription drugs. Medical breaches are harder to recover from because you cannot reset or replace a medical history or a government ID scan the same way you can change a password.

We reached out to SimonMed for comment, but did not hear back before our deadline.

Even though the company is offering free credit monitoring, leaked data often circulates long after an incident is closed publicly. That is why it is important to take additional precautions on your end to reduce the long-term impact of this breach and future-proof your personal security.

People-search sites collect personal records and make them publicly accessible. Data removal services handle outreach and removals on your behalf, which reduces your exposed footprint online. With less information easily available, it becomes harder for attackers to assemble a complete identity profile for scams.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

If you have ever interacted with SimonMed or any related platform, change your passwords immediately. Avoid reusing old passwords across different accounts. A password manager helps generate strong credentials and stores them securely so you do not have to remember them manually. This reduces the risk of one breach affecting multiple accounts.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

Modern malware includes remote access tools and silent monitoring modules that can stay hidden before launching an attack. Strong antivirus software can detect unusual behavior, protect against ransomware and alert you in real time if something attempts to access your data without permission. This is no longer just about traditional virus protection but active threat monitoring.

The best way to safeguard yourself from malicious links that install malware and potentially access your private information is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

Regularly review your bank statements, insurance records and medical billing activity. Cybercriminals often test stolen information with small, easily overlooked transactions before moving to larger fraud attempts. Catching and reporting these early can prevent a much bigger loss.

Because breaches involving medical providers often expose sensitive identifiers, an identity protection service can be useful. These services scan dark web listings, alert you when your information appears in leaked databases and assist with recovery if fraud occurs. Some plans include legal support and help with credit restoration.

Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

After a major breach, attackers often launch phishing campaigns that reference the affected company to appear legitimate. Be skeptical of emails or texts mentioning SimonMed or credit monitoring, especially if they request payment or personal verification. Staying aware of current scams and keeping your software updated adds a strong layer of defense.

Do you think healthcare providers are doing enough to protect your personal and medical data? Let us know by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com.  All rights reserved.