MedRevenu Data Breach Exposes Sensitive Healthcare and Financial Data in Ransomware Attack
California-based revenue cycle management firm MedRevenu suffered a ransomware attack in December 2024, compromising sensitive data belonging to current and former patients of Inland Physicians Hospitalist Services. The breach was first detected on December 12, 2024, after a network disruption, prompting an investigation that revealed unauthorized access to files containing personally identifiable information (PII) and protected health information (PHI).
The BianLian ransomware group claimed responsibility for the attack on December 14, 2024, posting details on the dark web. The threat actors asserted they had exfiltrated a broad range of data, including financial records, QuickBooks data, HR files, contracts, internal emails, databases, and medical records.
A thorough electronic discovery process, completed on October 21, 2025, confirmed that exposed data varied by individual but included names, dates of birth, Social Security numbers, driver’s license numbers, health insurance details, medical records, financial account numbers, and payment card information. The breach was officially reported to the California Attorney General on February 3, 2026, though the total number of affected individuals remains undisclosed.
In response, MedRevenu secured its network, engaged cybersecurity specialists, and implemented enhanced safeguards. Affected individuals were offered 12 months of complimentary credit monitoring, credit reports, and fraud alerts through TransUnion, with enrollment available within 90 days of notification. The company also provided guidance on credit freezes, fraud alerts, and identity theft reporting.
The incident underscores the growing threat of ransomware attacks targeting healthcare-adjacent service providers, with sensitive patient and financial data increasingly at risk.
Source: https://www.claimdepot.com/data-breach/medrevenu-inc-2026
MedRevenu cybersecurity rating report: https://www.rankiteo.com/company/medrevenu
"id": "MED1770317284",
"linkid": "medrevenu",
"type": "Ransomware",
"date": "12/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Current and former patients of '
'Inland Physicians Hospitalist '
'Services',
'industry': 'Healthcare',
'location': 'California, USA',
'name': 'MedRevenu',
'type': 'Revenue cycle management firm'}],
'customer_advisories': 'Affected individuals were offered 12 months of '
'complimentary credit monitoring, credit reports, and '
'fraud alerts through TransUnion, with enrollment '
'available within 90 days of notification.',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': ['Names',
'Dates of birth',
'Social Security '
'numbers',
'Driver’s license '
'numbers',
'Health insurance '
'details',
'Medical records',
'Financial account '
'numbers',
'Payment card '
'information'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally identifiable '
'information (PII)',
'Protected health information '
'(PHI)',
'Financial records',
'QuickBooks data',
'HR files',
'Contracts',
'Internal emails',
'Databases',
'Medical records']},
'date_detected': '2024-12-12',
'date_publicly_disclosed': '2024-12-14',
'date_resolved': '2025-10-21',
'description': 'California-based revenue cycle management firm MedRevenu '
'suffered a ransomware attack in December 2024, compromising '
'sensitive data belonging to current and former patients of '
'Inland Physicians Hospitalist Services. The breach was '
'detected after a network disruption, revealing unauthorized '
'access to files containing personally identifiable '
'information (PII) and protected health information (PHI). The '
'BianLian ransomware group claimed responsibility, asserting '
'they exfiltrated financial records, QuickBooks data, HR '
'files, contracts, internal emails, databases, and medical '
'records. A thorough electronic discovery confirmed exposure '
'of sensitive data, including names, dates of birth, Social '
'Security numbers, and payment card information. MedRevenu '
'secured its network, engaged cybersecurity specialists, and '
'offered affected individuals credit monitoring services.',
'impact': {'data_compromised': 'Personally identifiable information (PII) and '
'protected health information (PHI)',
'identity_theft_risk': 'High',
'operational_impact': 'Network disruption',
'payment_information_risk': 'High'},
'investigation_status': 'Completed (electronic discovery finalized on '
'2025-10-21)',
'lessons_learned': 'The incident underscores the growing threat of ransomware '
'attacks targeting healthcare-adjacent service providers, '
'with sensitive patient and financial data increasingly at '
'risk.',
'post_incident_analysis': {'corrective_actions': 'Enhanced safeguards '
'implemented'},
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'BianLian'},
'recommendations': 'Affected individuals were advised on credit freezes, '
'fraud alerts, and identity theft reporting. Organizations '
'should implement enhanced safeguards and monitoring to '
'prevent similar incidents.',
'references': [{'source': 'Cyber incident report'}],
'regulatory_compliance': {'regulatory_notifications': ['California Attorney '
'General (reported on '
'2026-02-03)']},
'response': {'communication_strategy': 'Notification to affected individuals, '
'credit monitoring offered',
'containment_measures': 'Network secured',
'remediation_measures': 'Enhanced safeguards implemented',
'third_party_assistance': 'Cybersecurity specialists'},
'threat_actor': 'BianLian ransomware group',
'title': 'MedRevenu Data Breach Exposes Sensitive Healthcare and Financial '
'Data in Ransomware Attack',
'type': 'ransomware'}