Ransomware Gang "Fog" Claims Massive Data Breach Affecting 138,000 Patients at NYC Radiologist

A ransomware group known as Fog has reportedly stolen the personal and medical data of 138,000 patients from University Diagnostic Medical Imaging (UDMI), a radiology practice based in New York City. The breach, which occurred in November 2024, exposed sensitive information such as patient names, addresses, dates of birth, referring physicians, medical treatments, and diagnoses.

Fog claims to have taken 28.1 GB of data from UDMI’s systems. While UDMI started notifying affected patients in January 2025, the organization has not yet confirmed Fog’s allegations. It remains unclear whether UDMI paid a ransom, how much was demanded, or how the attackers gained access to the network. Efforts to reach UDMI for comment have so far been unsuccessful.

In a statement to patients, UDMI said, “The investigation determined that certain UDMI information was accessed without authorization for a limited amount of time on November 26, 2024.” Notably, the notice did not include offers for free credit monitoring or identity theft protection, which are often provided in breaches involving highly sensitive data like Social Security numbers.

Who is Fog?

Fog is a ransomware group that first appeared in July 2024. While it initially targeted U.S. schools, it has since expanded its focus to include healthcare organizations and other sectors. Unlike many ransomware groups that only encrypt files, Fog also steals data and targets development environments.

Since its emergence, Fog has claimed responsibility for 18 confirmed attacks and 157 unconfirmed incidents. The UDMI breach is its largest to date in terms of the number of records affected, surpassing its previous attack on medical device maker PRC-Saltillo. Another notable victim is Asbury Theological Seminary in Kentucky, where a June 2024 breach impacted at least 943 students.

The Growing Threat of Ransomware in Healthcare

The UDMI data breach is part of a disturbing rise in ransomware attacks targeting the healthcare sector. In 2024 alone, researchers documented 146 confirmed ransomware attacks on U.S. healthcare organizations, compromising more than 24.8 million records. The average ransom demand in these attacks was $1.05 million.

In 2025, four confirmed ransomware attacks and 58 unconfirmed claims have already been reported. Other recent incidents include:

• Community Care Alliance: Breached by the Rhysida group in July 2024, affecting 115,000 individuals. The attackers demanded a $1.5 million ransom.
• Sunflower Medical Group: Targeted by Rhysida in December 2024, compromising 221,000 records. The ransom demand was around $1 million.
• Bay Cove Human Services: Hit by an unidentified ransomware group in December 2024, impacting 25,000 people.

Why Healthcare is a Prime Target

Hospitals, clinics, and other healthcare providers are increasingly targeted by ransomware groups because of the critical nature of their operations. These attacks can lock down systems, disrupt patient care, and expose sensitive data. Organizations are often forced to choose between paying a ransom or facing extended downtime, data loss, and potential harm to patients.

The consequences of such attacks can be severe, affecting access to medical records, appointment scheduling, payroll systems, prescription management, and communication with patients.

What Can Be Done?

The UDMI breach highlights the urgent need for stronger cybersecurity measures in healthcare. Organizations must invest in advanced threat detection, employee training, and robust incident response plans to protect patient data and maintain trust.

As ransomware groups like Fog continue to evolve, staying informed and proactive is essential. Healthcare providers must prioritize cybersecurity to safeguard sensitive information and ensure the continuity of care for their patients.