Medical Associates of Brevard in Melbourne, Florida this week confirmed it notified 246,711 people of a January 2025 data breach that leaked the following info:
- Names
- Social Security numbers
- Medical treatment info
- Health insurance info
- Financial account info
- Dates of birth
- State-issued ID numbers (e.g. driver’s license)
Ransomware group BianLian took credit for the breach shortly after it happened. BianLian claims it stole accounting and human resources data, personal and health records, email correspondence, and other data.
Medical Associates of Brevard has not verified BianLian’s claim. We do not know if the company paid a ransom, how much BianLian demanded, or how attackers breached the clinic’s network. Comparitech contacted Medical Associates of Brevard for comment and will update this article if it replies.
“MAB was subject to a criminal cyberattack that impacted its systems,” the company’s notice (PDF) to victims says. “On or about July 7, 2025, we identified the individuals whose PHI and/or PII may have been impacted and are in the process of notifying those individuals.”
Medical Associates of Brevard is offering eligible victims a minimum of 12 months of free credit monitoring through Experian.
Who is BianLian?
BianLian, like some other ransomware groups, extorts victims for stolen data but does not encrypt targeted systems. It first started posting victims to its data leak site in late 2021.
BianLian has taken credit for 91 confirmed attacks since late 2021, but hasn’t listed any new targets on its data leak site since March 2025.
37 of BianLian’s attacks hit hospitals, clinics, and other companies in the healthcare sector. Recently, we confirmed BianLian’s attack on Goshen Medical Center in North Carolina, which notified 456,000 people of a data breach.
Last month, Aspire Rural Health System notified 138,000 people of a November 2024 breach claimed by BianLian.
Ransomware attacks on US healthcare
Comparitech researchers have logged 61 confirmed ransomware attacks on hospitals, clinics, and other direct care providers in 2025 to date. The attack on Medical Associates of Brevard is the fourth-largest of the year so far.
In another recent such attack, New York Blood Center notified almost 194,000 people of a breach that leaked Social Security numbers, bank account info, and health information.
Ransomware attacks on hospitals and clinics can lock down computer systems and steal data. In BianLian’s case, it’s most likely just the latter. Hospitals are forced to either pay a ransom or put customers at increased risk of fraud.
About Medical Associates of Brevard
Medical Associates of Brevard operates six clinics in Indian Harbor Beach, Melbourne, Palm Bay, Rockledge, Satellite Breach and West Melbourne, Florida.
