SimonMed Imaging has confirmed that an external hacking incident compromised the personal data of 1,275,669 patients, making it one of the largest healthcare breaches of the year.
The breach, which occurred on January 21, 2025, but was not discovered until January 28, exposed names and other personal identifiers. Written notifications were sent to affected individuals on October 10, 2025.
Scope and Discovery of the Breach
On January 21, 2025, unauthorized actors gained access to an external system at SimonMed Imaging’s Scottsdale, Arizona facility.
The breach went undetected for a week until routine security monitoring flagged unusual activity on January 28.
An internal investigation confirmed that patient names and other personal identifiers were acquired, though the company has not disclosed additional details about the data elements accessed.
SimonMed Imaging reported that the total number of persons affected stands at 1,275,669, including 22 residents of Maine.
Because the number of impacted Maine residents remained below 1,000, notification to consumer reporting agencies was not required under state law. No prior breach notifications were issued in the preceding twelve months.
SimonMed Imaging retained Octillo Law PLLC to manage breach disclosures and compliance. On October 10, 2025, attorney Daniel Greene of Octillo Law PLLC sent written notices to all affected individuals, informing them of the incident, the type of information compromised, and recommended precautions.
The notifications included contact information for further inquiries and guidance on monitoring personal accounts for suspicious activity.
Unlike some other healthcare breaches, SimonMed did not offer identity theft protection services to affected patients.
The company cited its confidence in existing security measures and ongoing monitoring as justification for this decision. A sample letter provided to Maine residents can be viewed through the Maine Attorney General’s office portal.
This breach underscores the persistent threat hackers pose to healthcare organizations, which store vast amounts of sensitive data.
Patients should remain vigilant by checking credit reports, monitoring financial statements, and being wary of unsolicited communications requesting personal information.
Healthcare providers are reminded to bolster system monitoring, apply timely security patches, and ensure that breach detection tools are configured to alert administrators immediately when unusual activity occurs.
Cybersecurity experts emphasize that rapid detection and transparent communication are crucial for minimizing harm to patients and maintaining trust.
As SimonMed Imaging recovers from this incident, it joins a growing list of medical entities that have experienced significant data breaches, highlighting the need for the industry to prioritize robust security frameworks and regular penetration testing.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
