Ransomware Gangs Attack Sault Ste. Marie Tribe of Chippewa Indians & SimonMed Imaging
SimonMed Imaging and the Sault Ste. Marie Tribe of Chippewa Indians have suffered ransomware attacks, and the San Diego trade union, UFCW Local 135, has reported a breach of the personal data of more than 62,000 individuals.
SimonMed Imaging
SimonMed Imaging, a radiology practice in Scottsdale, Arizona, was targeted by a ransomware group. A spokesperson for the practice said the attack was identified and interrupted before any files were encrypted. Some systems were temporarily taken offline, which caused a delay to some services; however, the practice remained fully operational throughout. The spokesperson said there was no unauthorized access to any clinical systems.
The Medusa ransomware group has claimed responsibility for the attack and added SimonMed Imaging to its data leak site, along with apparent proof of data theft. 45 files were added to the listing, and the group claimed it stole 212 GB of data in the attack and demanded a $1 million ransom payment. Medusa gave SimonMed Imaging until February 21, 2025, to pay the ransom. Medusa claims to have stolen data such as medical records, emails, diagnostic images, and Social Security numbers; however, the data theft has not been confirmed by SimonMed Imaging at this point in time.
Update: SimonMed has confirmed it fell victim to a cyberattack. Further information can be viewed in this post.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Sault Ste. Marie Tribe of Chippewa Indians
Sault Ste. Marie Tribe of Chippewa Indians has fallen victim to a RansomHub ransomware attack. According to the substitute breach notice, the attack occurred on February 9, 2025, and affected multiple phone and computer systems across the tribal administration, health centers, and various businesses, including the Kewadin casinos.
Cybersecurity experts have been engaged to investigate the incident and determine the extent of any data theft. New phone lines have been set up; however, computer systems remain out of action, which means the tribe is currently operating in a limited capacity. The RansomHub group claims to have stolen 119 GB of data, including from health centers in Sault Ste. Marie, St. Ignace, Manistique, Munising, Escanaba, and Hessel, and traditional medicine program facilities. RansomHub is threatening to publish the stolen data if the ransom is not paid. It is unclear to what extent patient data has been compromised.
UFCW Local 135
UFCW Local 135, a San Diego, CA-based trade union serving several industries, including healthcare, pharmacy, and dental, detected a cyberattack on August 23, 2024. Action was promptly taken to secure its network, and a third-party digital forensics company was engaged to investigate the unauthorized activity. The investigation confirmed that an unauthorized third party had access to data on its network and may have exfiltrated files.
The file review identified individuals affected by the attack and individual notifications were mailed on January 28, 2025. Then, on February 3, 2025, additional individuals were confirmed as affected, and individual notifications were mailed to those individuals on February 12, 2025. The affected 62,692 individuals have been offered complimentary credit monitoring and identity theft protection services. The exposed data included names, driver’s license numbers, contact details, employment data, and Social Security numbers.
