Medical Associates of Brevard has confirmed a ransomware attack affecting 246,711 patients after the BianLian cybercrime group breached the Florida healthcare provider's systems in January 2025. The Melbourne-based medical practice, which operates six clinics across Brevard County, disclosed that attackers accessed names, Social Security numbers, medical records, and financial information during the incident, marking one of the year's largest healthcare breaches and showing the vulnerabilities in medical facilities serving diverse patient populations.
On January 17, 2025, Medical Associates of Brevard fell victim to a criminal cyberattack that compromised its computer systems. The BianLian ransomware group claimed responsibility for the breach shortly after, stating they had stolen accounting and human resources data, personal and health records, email correspondence, and other sensitive files from the healthcare provider's network.
The organization discovered the breach nearly six months later on July 7, 2025, when it identified which patients had been affected. Medical Associates of Brevard engaged third-party cybersecurity experts to investigate the incident and began notifying victims on September 5, 2025. The breach exposed names, dates of birth, Social Security numbers, driver's license or state ID numbers, medical treatment information, health insurance details, and for some individuals, financial account information.
Healthcare data breaches pose a risk because medical records contain both financial identifiers and health information. While credit card numbers can be changed and bank accounts monitored, medical histories remain permanently tied to individuals, creating lifelong vulnerabilities to insurance fraud, medical identity theft, and discriminatory practices.
The breach affects patients across Florida's Space Coast region, including many retirees and aerospace workers who rely on the clinic network for routine care. For elderly patients who may be less tech-savvy, navigating identity theft protection and monitoring services presents additional challenges, especially when notifications arrive months after the initial compromise.
Learn more: The impact of HIPAA violations on patient care
Medical Associates of Brevard is offering affected patients 12 to 24 months of free credit monitoring and identity restoration services through Experian. Victims must enroll by the deadline specified in their notification letters to receive these protective services.
Four law firms, Federman & Sherwood, Barnow and Associates, Srourian Law Firm, and additional firms working with ClassAction.org, have launched investigations into potential class action lawsuits. These firms are seeking affected individuals to serve as class representatives in litigation that could address both the security failures and the delayed notification timeline.
Ransomware is malicious software that cybercriminals use to attack computer systems. It encrypts files and demands payment for decryption keys.
BianLian is a ransomware group that steals data but doesn't encrypt systems. They've claimed responsibility for 91 attacks since 2021, with 37 targeting healthcare organizations.
Medical identity theft occurs when criminals use stolen health information to obtain medical services, prescription drugs, or file fraudulent insurance claims in the victim's name. Unlike financial fraud, medical fraud can corrupt health records with incorrect information that follows victims permanently.