Medical billing company MCBS this week confirmed it notified at least 309,309 people of a September 2025 data breach that compromised the following personal info:
- Names
- Social Security numbers
- Medical history
- Mental and physical conditions
- Treatment and diagnosis info
- Health insurance numbers and info
- Dates of birth
- Addresses
MCBS notified 295,625 people in South Carolina, 13,302 in Texas, and 382 in Massachusetts. The figures do not include breach victims in MCBS’ home state, Georgia. We expect the total number of breach victims to rise as more states disclose figures. This article will be updated accordingly.
A ransomware group called PEAR took credit for the breach on September 30, 2025. On its data leak website, PEAR said it stole 3.3 TB of data from MCBS.
MCBS has not acknowledged PEAR’s claim and Comparitech cannot independently verify its authenticity. We do not know how attackers breached MCBS, if MCBS paid a ransom, or how much PEAR demanded. Comparitech contacted MCBS for more info and will update this article if it replies.
“On or about September 25, 2025, we experienced unauthorized access to our network,” says MCBS’ notice to breach victims.
“After an extensive forensic investigation, we discovered that between September 22, 2025, and September 26, 2025, an unauthorized user may have accessed or removed some of our files.”
The notice does not mention any offer of free credit monitoring or identity theft protection for breach victims.
Who is PEAR?
PEAR, or Pure Extraction and Ransom, is a cybercriminal gang that steals and ransoms data. It started claiming responsibility for ransomware attacks on its data leak website in August 2025. Unlike most other ransomware strains, it does not encrypt data or lock down computer systems. Instead, it focuses solely on data theft and extortion.
PEAR has claimed responsibility for 98 ransomware attacks since it began. Of those, 20 were confirmed by the organizations it targeted, which in turn notified more than 1.5 million people.
Healthcare is PEAR’s main focus. Nine healthcare companies have confirmed PEAR attacks in the USA. They include hospitals and clinics as well as third-party vendors like MCBS, Think Big Health Care Solutions, and VirMedice.
This attack on MCBS is the PEAR’s largest healthcare beach to date. It surpasses a breach at Tri-Century Eye Care, which notified 200,000 people, and Western Orthopaedics, which notified 113,300 people. All three breaches occurred in September 2025.
The group is still active in 2026. This year to date, PEAR has taken credit for 43 ransomware attacks, four of which have been confirmed.
Ransomware attacks on US healthcare
Comparitech researchers logged 35 confirmed ransomware attacks in 2025 on US healthcare businesses that don’t provide direct care. They include medical billing companies, software developers, pharmaceutical companies, and medical device makers, among others. The figure does not include direct care providers like hospitals and clinics.
This attack on MCBS was the third-largest such breach of the year so far, and we expect the number of victims to rise as more states report breach figures. The two largest healthcare business breaches in 2025 were:
- Episource notified 5.4 million people of a January 2025 data breach by unknown attackers
- Insightin Health notified 1.1 million people of a September 2025 data breach for which Medusa demanded $500,000 in ransom
In 2026 to date, we’ve recorded nine more confirmed attacks on healthcare businesses, which compromised 18,765 records. Last month, we confirmed the following:
- Clinical Registry Solutions notified 8,545 people of an April 2026 data breach claimed by Akira
- Park Dental Research Group reported an April 2026 data breach claimed by Interlock
- Sierra Management Group reported a December 2025 data breach claimed by Genesis
We’re monitoring 70 unconfirmed attack claims from 2025 and 70 more from this year so far.
About MCBS
MCBS, or Medical Computer Business Services, is a healthcare management and revenue cycle company based in Augusta, Georgia. It sells billing and consulting services to hospitals and clinics.