What Happened?
On January 27, 2025, SimonMed Imaging was alerted by one of our vendors that they were experiencing a security incident. After receiving this information, SimonMed Imaging (“SimonMed” or “we”) promptly began a review of our own systems and on the following day, January 28, 2025, discovered suspicious activity on our network (the “Incident”). Upon discovering we were the victim of a criminal attack, we immediately began an investigation and took steps to contain the situation, including resetting passwords, enhancing multifactor authentication, implementing endpoint detection and response monitoring, removing all third-party vendor direct access to systems within SimonMed’s environment and all associated tools, limiting only whitelisted traffic into and from our network, notifying law enforcement, and engaging data security and privacy professionals to assist.
Through our investigation, we determined that there was unauthorized access to our systems between January 21, 2025 and February 5, 2025. Due to the nature of the Incident, the investigation is still ongoing into what data pertaining to individuals was affected (“Information”). There is currently no evidence that any Information has been misused for identity theft or fraud in connection with the Incident, but we are taking the steps below out of an abundance of caution.
What Information Was Involved?
Based on the current findings of the investigation, the following types of Information may have been impacted: name, address, birth date, date of service, provider name, medical record number, patient number, medical condition, diagnosis and/or treatment information, medications, health insurance information, or driver’s license numbers.
Note that this describes general categories of Information identified as present within the affected systems during the Incident and includes categories that are not relevant to each individual whose Information may have been present. Relatedly, if we identify additional types of impacted Information, we will update our notification accordingly.
What We Are Doing.
In addition to the actions described above, the SimonMed team has been working diligently to continue our investigation and add further technical safeguards to our existing protections. We continue to work with leading privacy and security firms to aid in our investigation and response and we are reporting this Incident to relevant government agencies.
What Can Impacted Individuals Do?
The investigation is ongoing and the full list of individuals who were affected is not yet known. However, out of an abundance of caution, we encourage individuals to remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits forms, and to monitor free credit reports for suspicious activity and to detect errors. Under U.S. law, individuals are entitled to one (1) free credit report annually from each of the three (3) major credit reporting bureaus. Additional information and resources are outlined below.
We take this Incident and the security of information in our care seriously. If you have additional questions, you may contact us at 602-688-6116 Monday through Friday from 8:00 AM to 5:00 PM AZ time.
Steps You Can Take to Protect Your Personal Information
To obtain a free credit report, individuals may visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.
Alternatively, affected individuals can contact the three (3) major credit reporting bureaus directly at the addresses below:
Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111
Experian, PO Box 2104, Allen, TX 75013, www.experian.com, 1-888-397-3742
TransUnion, PO Box 2000, Chester, PA 19022, www.transunion.com, 1-800-888-4213
Free Credit Report. It is recommended that you remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring your credit report for unauthorized activity. You may obtain a copy of your credit report, free of charge, once every twelve (12) months from each of the three nationwide credit reporting agencies.
To order your annual free credit report please visit www.annualcreditreport.com or call toll free at 1-877-322-8228.
You can also order your annual free credit report by mailing a completed Annual Credit Report Request Form (available from the U.S. Federal Trade Commission’s (“FTC”) website at www.consumer.ftc.gov) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.
Fraud Alert. You may place a fraud alert in your file by calling one of the three nationwide credit reporting agencies above. A fraud alert tells creditors to follow certain procedures, including contacting you before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you when you seek to obtain credit.
Security Freeze. You may obtain a security freeze on your credit report, free of charge, to protect your privacy and ensure that credit is not granted in your name without your knowledge. You may also submit a declaration of removal to remove information placed in your credit report as a result of being a victim of identity theft. You have a right to place a security freeze on your credit report, free of charge, or submit a declaration of removal pursuant to the Fair Credit Reporting and Identity Security Act.
The security freeze will prohibit a consumer reporting agency from releasing any information in your credit report without your express authorization or approval. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. When you place a security freeze on your credit report, you will be provided with a personal identification number, password, or similar device to use if you choose to remove the freeze on your credit report or to temporarily authorize the release of your credit report to a specific party or parties or for a specific period of time after the freeze is in place.
To place a security freeze on your credit report, you may be able to use an online process, an automated telephone line, or a written request to any of the three credit reporting agencies listed above. The following information must be included when requesting a security freeze (note that if you are requesting a credit report for your spouse, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, and display your name, current mailing address, and the date of issue.
Federal Trade Commission and State Attorneys General Offices. If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your home state. You may also contact these agencies for information on how to prevent or avoid identity theft. Contact information for the Consumer Response Center of the Federal Trade Commission is 600 Pennsylvania Avenue, NW, Washington, DC 20580, www.ftc.gov/bcp/edu/microsites/idtheft/ or 1-877-IDTHEFT (438-4338).
