SimonMed Imaging’s failure to safeguard patient information led to ransomware attack, prompting class action suit

SimonMed Imaging is facing legal action following allegations that it failed to adequately safeguard patient information before a ransomware attack. The class-action lawsuit, filed by Maricopa County resident Rosemary Hamermaster, seeks damages exceeding $5 million. The breach was initially reported by Radiology Business, which revealed that hackers known as Medusa claimed responsibility for the attack and now have access to sensitive patient data.

The complaint, filed on February 21 in an Arizona district court, accuses SimonMed of neglecting to protect the personal and health information of hundreds of thousands of patients, potentially exposing them to criminal ransomware groups. Despite SimonMed’s claim that it thwarted the attack and prevented data encryption, the lawsuit alleges that its cybersecurity measures were insufficient, leading to the compromise of dates of birth, medical images, Social Security numbers, and other confidential data.

SimonMed, a practice with about 200 radiologists across 170 sites in 11 states, has yet to disclose the full extent of the breach or the specific information that was compromised. The plaintiff’s attorneys argue that at least 132,000 individuals have been affected by the incident and are demanding punitive damages, attorney fees, a declaratory judgment, and injunctive relief.

The lawsuit also seeks to compel SimonMed to provide a detailed account of the cyberattack and the types of information that were exposed. It highlights the emotional distress experienced by individuals impacted by the breach, exacerbated by the practice’s lack of transparency about the incident.

This incident is part of a growing trend of cyberattacks targeting radiology practices, with several other practices reporting data breaches over the past year. The healthcare industry has been increasingly targeted by hackers seeking to exploit vulnerabilities in cybersecurity protocols and hold patient information for ransom. Some practices have been forced to pay hefty sums to hackers to recover stolen data or prevent its release.

In light of these incidents, the importance of robust cybersecurity measures and data protection protocols in healthcare organizations has been underscored. Ensuring the security and privacy of patient information is not only a legal requirement but also critical to maintaining trust and confidence in the healthcare system. Practitioners must remain vigilant and proactive in safeguarding sensitive data to prevent future breaches and protect the well-being of their patients.