U.S. medical imaging provider SimonMed Imaging is notifying more than 1.2 million individuals of a data breach that exposed their sensitive information.
SimonMed Imaging is an outpatient medical imaging and radiology services provider, including MRI and CT scans, X-ray, ultrasound, mammography, PET, nuclear medicine, bone density, and interventional radiology procedures.
The radiology company operates about 170 medical centers in 11 U.S. states, and has an annual revenue of more than $500 million.
Three weeks of unauthorized access
According to the notice shared with the authorities, hackers compromised SimonMed's systems and had access to the company network at the beginning of the year between January 21 and February 5.
SimonMed learned about the breach on January 27, from one of its vendors, who alerted the company "that they were experiencing a security incident." After starting an investigation, the medical company confirmed suspicious activity on its network the next day.
“Upon discovering we were the victim of a criminal attack, we immediately began an investigation and took steps to contain the situation,” the company states.
The actions taken included resetting passwords, multifactor authentication, adding endpoint detection and response (EDR) monitoring, removing third-party vendors' direct access to systems within SimonMed’s environment and its associated tools, and restricting inbound and outbound traffic to trusted connections.
The company also notified law enforcement and engaged the services of data security and privacy professionals.
SimonMed did not publicly share exactly what information was stolen by the attackers besides their full names, but considering the types of data medical imaging firms store on their systems, it may include highly sensitive information.