A ransomware group known as Fog has claimed responsibility for a November 2024 cyberattack on University Diagnostic Medical Imaging (UDMI), a radiology facility in the Bronx, New York. The attack compromised the personal and medical data of 138,080 patients, making it the gang’s largest confirmed breach to date by records affected.
According to Comparitech, Fog, which first emerged in July 2024, alleged on its leak site that it stole 28.1 GB of sensitive patient data, including names, addresses, birthdates, referring physicians, medical treatments, and diagnoses. UDMI began notifying affected individuals in January 2025 but has yet to confirm Fog’s claims. Details regarding whether a ransom was paid, the amount demanded, or how attackers infiltrated UDMI’s network remain unknown.
“The investigation determined that certain UDMI information was accessed without authorization for a limited amount of time on November 26, 2024,” UDMI stated in its breach notification. However, the notice did not mention any offer of free credit monitoring or identity theft protection, a service typically extended when breaches involve Social Security numbers.
Who is Fog?
Fog has built a reputation for targeting U.S. educational institutions, but its scope has expanded beyond schools. The group employs a double-extortion model—encrypting files while also exfiltrating sensitive data. Since its emergence, Fog has claimed responsibility for 18 confirmed ransomware attacks and 157 additional, as-yet-unverified breaches.
Among Fog’s previous high-profile attacks was an incident targeting medical device manufacturer PRC-Saltillo. Another recent attack saw Kentucky’s Asbury Theological Seminary notifying at least 943 students of a June 2024 data breach.
Ransomware’s Ongoing Toll on U.S. Healthcare
Ransomware remains one of the most pressing cybersecurity threats to U.S. healthcare providers. Comparitech researchers documented 146 confirmed ransomware attacks on healthcare organizations in 2024, compromising more than 24.8 million records. The average ransom demand for these attacks was $1.05 million.
As of early 2025, four ransomware attacks on U.S. healthcare providers have been confirmed, with an additional 58 unverified claims made by various ransomware gangs. Recent high-profile breaches include:
Community Care Alliance (July 2024): 115,000 individuals affected; claimed by Rhysida with a $1.5 million ransom demand.
Sunflower Medical Group (December 2024): 221,000 individuals affected; claimed by Rhysida with a $1 million ransom demand.
Bay Cove Human Services (December 2024): 25,000 individuals affected; attackers unknown.
These attacks not only jeopardize sensitive patient data but can also paralyze critical healthcare operations. Hospitals and clinics often face devastating consequences, ranging from system downtime and payroll disruptions to delays in prescriptions and patient communications. Organizations caught in ransomware incidents must choose between paying exorbitant ransom fees and enduring operational standstills and reputational damage.