Ransomware gang says it stole 138,000 patients’ data from New York City radiologist

Ransomware group Fog today claimed responsibility for a November 2024 data breach at University Diagnostic Medical Imaging that compromised 138,080 patients’ names, addresses, dates of birth, referring physicians, medical treatments, and diagnoses.

Fog says it stole 28.1 GB of data from UDMI. UDMI started notifying patients in January 2025 of the breach, but it has not verified Fog’s claim. We do not yet know if UDMI paid a ransom, how much Fog demanded, or how attackers breached UDMI’s network. Comparitech contacted UDMI for comment and will update this article if it replies.

“The investigation determined that certain UDMI information was accessed without authorization for a limited amount of time on November 26, 2024,” says UDMI’s notice to victims.

The notice does not mention any offer of free credit monitoring or identity theft protection. Such offers are usually reserved for breaches that involve Social Security numbers.

Who is Fog?

Fog is a ransomware gang that first started claiming attacks on its website in July 2024. It has a history of targeting US schools but is not limited to them. In addition to encrypting files, Fog also steals data and targets development environments.

Fog has claimed 18 confirmed ransomware attacks since it began, plus another 157 unconfirmed claims that haven’t been acknowledged by the targeted organizations. This breach on UDMI’s is Fog’s biggest attack to date by number of records affected, followed by its attack on medical device maker PRC-Saltillo.

Following another recent Fog attack, Asbury Theological Seminary in Kentucky notified at least 943 students of a June 2024 data breach.

Ransomware attacks on US healthcare

Comparitech researchers logged 146 confirmed ransomware attacks on US healthcare companies in 2024, compromising more than 24.8 million records. The average ransom was $1.05 million.

In 2025 so far, we tracked four confirmed such attacks, plus 58 unconfirmed claims made by ransomware gangs.

Other recently confirmed ransowmare attacks on US direct care providers include:

• Community Care Alliance notified 115,000 people following a breach claimed by Rhysida in July 2024, who demanded a $1.5 million ransom
• Sunflower Medical Group notified 221,000 people following a breach claimed by Rhysida in December 2024, who demanded about $1 million
• Bay Cove Human Services notified 25,000 people after a December 2024 breach by an unknown group

Ransomware attacks on hospitals, clinics, and other care providers can lock down computer systems and steal data. Targets are forced to either pay a ransom or face extended downtime, data loss, and putting customers at risk of fraud. Ransomware can cripple a wide range of systems including access to medical records, appointment booking, payroll, prescriptions, patient communications, and more.

About University Diagnostic Medical Imaging

Founded in 1986, University Diagnostic Medical Imaging is a radiology facility in the Bronx, New York. It employs more than 50 people, according to its LinkedIn profile.