BMG of Kansas Discloses Ransomware Breach Affecting 1,327 Individuals
BMG of Kansas Inc., a family-owned contract manufacturer based in Hesston, Kansas, recently reported a data breach impacting 1,327 individuals in the U.S. The incident, disclosed to the U.S. Department of Health and Human Services (HHS) on February 26, 2026, stemmed from a ransomware attack by the cybercriminal group Qilin.
On November 10, 2025, Qilin claimed responsibility for the breach, posting details on the Tor dark web network, a platform frequently used by threat actors to leak stolen data and demand ransoms. The company’s regulatory filing with HHS came over three months after Qilin’s initial claim, though public records do not specify when the breach occurred, when BMG discovered it, or when affected individuals were notified.
Since the breach was reported to HHS, it involved protected health information (PHI), which may include medical records, insurance details, treatment histories, and other sensitive health data. However, the exact types of exposed information remain undisclosed.
Details about BMG’s response to the incident are limited in public records. Individuals who suspect their data was compromised can contact the company directly at 620-327-4038 for further information.
Source: https://www.claimdepot.com/data-breach/bmg-2026
BMG Of Kansas, Inc. cybersecurity rating report: https://www.rankiteo.com/company/bmg-of-kansas-inc-
"id": "BMG1774384146",
"linkid": "bmg-of-kansas-inc-",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1327',
'industry': 'Manufacturing/Healthcare',
'location': 'Hesston, Kansas, USA',
'name': 'BMG of Kansas Inc.',
'type': 'Contract Manufacturer'}],
'customer_advisories': 'Affected individuals can contact BMG of Kansas at '
'620-327-4038 for further information.',
'data_breach': {'number_of_records_exposed': '1327',
'personally_identifiable_information': 'Medical records, '
'insurance details, '
'treatment histories',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Protected health information '
'(PHI)'},
'date_publicly_disclosed': '2026-02-26',
'description': 'BMG of Kansas Inc., a family-owned contract manufacturer '
'based in Hesston, Kansas, reported a data breach impacting '
'1,327 individuals in the U.S. The incident stemmed from a '
'ransomware attack by the cybercriminal group Qilin, which '
'claimed responsibility on November 10, 2025, and posted '
'details on the Tor dark web network. The breach involved '
'protected health information (PHI), including medical '
'records, insurance details, treatment histories, and other '
'sensitive health data.',
'impact': {'data_compromised': 'Protected health information (PHI), including '
'medical records, insurance details, treatment '
'histories, and other sensitive health data',
'identity_theft_risk': 'High'},
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Qilin'},
'references': [{'source': 'U.S. Department of Health and Human Services '
'(HHS)'},
{'source': "Tor dark web network (Qilin's claim)"}],
'regulatory_compliance': {'regulations_violated': 'HIPAA (assumed)',
'regulatory_notifications': 'Reported to U.S. '
'Department of Health '
'and Human Services '
'(HHS)'},
'threat_actor': 'Qilin',
'title': 'BMG of Kansas Ransomware Breach Affecting 1,327 Individuals',
'type': 'Ransomware'}