SimonMed Imaging gives official notice of cyberattack weeks after initial reports
On March 28, SimonMed Imaging officially gave notice that it had experienced a cyberattack, over a month after initial reports of the incident surfaced.
The Scottsdale, Arizona-based radiology practice said the “data incident” occurred in January and it is now notifying government agencies and impacted individuals.
“We take this incident and the security of information in our care seriously,” SimonMed, which employs over 200 radiologists working across 160 facilities in 10 states, said in a statement published by PR Newswire Friday.
One of SimonMed’s vendors alerted the practice on Jan. 27 that it had experienced a “security incident.” After receiving this communication, SimonMed “promptly began a review of our own systems.” On the following day, the practice discovered “suspicious activity on our network.”
“Upon discovering we were the victim of a criminal attack, we immediately began an investigation and took steps to contain the situation,” SimonMed said in the announcement. Actions in response to the attack included resetting passwords, enhancing multifactor authentication, implementing “endpoint detection and response monitoring,” removing all third-party vendor direct access to systems, and “whitelisting” traffic into and out of its network. “The SimonMed team has been working diligently to continue its investigation and add further technical safeguards to our existing protections,” the statement added later.
SimonMed said the investigation determined that the unauthorized access to its system occurred sometime between Jan. 21 and Feb. 5. “Due to the nature of the incident,” it noted, “the investigation is still ongoing into what data pertaining to individuals was affected.” Data security and privacy professionals aiding in the matter determined the leaked information may have included driver’s license numbers, birth dates, diagnoses, health insurance details and other info. The practice is encouraging all individuals who may have been impacted to “remain vigilant against incidents of identity theft and fraud.”
Previous reports
SuspectFile.com first reported news of the data breach on Feb. 11, but the original post has now been removed from the website as of March 31. Ransomware group Medusa apparently claimed responsibility for the cyberattack on the dark web, posting 45 proof files online. The hacker group had said it held over 212 GB of data from SimonMed and was seeking $1 million in Bitcoin with a deadline of Feb. 21, the outlet reported previously.
SimonMed last month declined to comment on reports that Medusa was involved in the incident. Attorneys subsequently filed a proposed class-action lawsuit Feb. 21, claiming that the practice failed to protect patients’ personal information ahead of the cyberattack. The FBI also published an alert about Medusa and its actions in the healthcare industry on March 14.