MedRevenu Data Breach Exposes Social Security Numbers and Medical Records

Healthcare data breach illustration
Breach Discovery: 12th December 2024Breach Notification: 3rd February 2026

What Happened in the MedRevenu Data Breach?

MedRevenu, a California-based revenue cycle management company that serves healthcare providers, has confirmed a significant data breach. The MedRevenu data breach affected current and former patients of Inland Physicians Hospitalist Services. The company first detected a network disruption on Dec. 12, 2024, which prompted an immediate internal review.

Following that discovery, cybersecurity experts launched an investigation into the disruption. As a result of their work, they determined that an unauthorized party may have accessed and acquired files containing sensitive information. Just two days after the initial detection, on Dec. 14, 2024, the ransomware group BianLian publicly claimed responsibility for the attack and posted details on the dark web.

According to the group’s claims, they obtained a wide range of data. This reportedly included company financials, client and customer financial records, QuickBooks data, HR files, contracts, protected health information, email correspondence, and internal databases. Because of the scope of these claims, MedRevenu launched a lengthy electronic discovery process to determine exactly whose information was involved.

That review concluded on Oct. 21, 2025, nearly a year after the initial intrusion was detected. Once the review finished, MedRevenu confirmed that a mix of personal and medical information had indeed been present in the compromised files. The company then moved forward with regulatory notification and individual disclosure.

Who was affected?

Because MedRevenu manages revenue cycle operations for healthcare providers, this breach primarily affects patients rather than the company’s own employees. Specifically, current and former patients of Inland Physicians Hospitalist Services are impacted by this incident. This means individuals who may have never directly interacted with MedRevenu could still have had their information exposed.

The total number of affected individuals has not yet been publicly disclosed. However, given that the breach involves a hospitalist services provider working across multiple facilities, the population could be substantial. It’s also worth noting that patient records often span a wide age range, meaning minors could potentially be included among those affected.

Because this breach was disclosed to the California Attorney General, it’s likely that California residents make up a significant portion of the affected population. That said, revenue cycle management firms frequently handle records tied to patients treated by providers with reach beyond a single state. Anyone who received care coordinated through Inland Physicians Hospitalist Services should take this breach seriously.

What Information Was Potentially Exposed?

The electronic discovery process revealed that the specific data elements exposed vary from person to person. However, the overall categories of information involved are extensive. Both personally identifiable information and protected health information were present in the compromised files.

  • Full name
  • Date of birth
  • Social Security number
  • Driver’s license number
  • Government identification number
  • Health insurance information
  • Medical information
  • Financial account number
  • Payment card number
  • Access information (such as usernames or passwords)

Given the presence of Social Security numbers and driver’s license numbers, affected individuals face a heightened risk of identity theft. Criminals can use this combination of data to open new credit accounts, file fraudulent tax returns, or apply for loans in someone else’s name. As a result, this type of exposure is considered one of the most serious forms of data compromise.

In addition, the exposure of health insurance and medical information raises the risk of medical identity theft. This can involve someone using stolen insurance details to obtain treatment or prescriptions fraudulently. Because payment card numbers and financial account numbers were also involved, affected individuals should watch closely for unauthorized charges or new account openings in the months ahead.

What is the company doing?

In response to the breach, MedRevenu took immediate steps to secure its network once the disruption was detected. The company also engaged outside cybersecurity specialists to investigate the full scope of the incident. This investigation ultimately led to the lengthy document review that confirmed which individuals were affected.

Beyond the initial response, MedRevenu has since reviewed its technical safeguards and is actively enhancing them to prevent similar incidents going forward. For those impacted, the company is offering complimentary Single Bureau Credit Monitoring, credit reports, and credit score services for 12 months through TransUnion. These services include alerts for changes to credit files along with proactive fraud assistance. MedRevenu is encouraging affected individuals to enroll within 90 days of receiving their notification letter.

What Should Affected Individuals Do?

Enroll in Credit Monitoring Services

Anyone who received a notification letter from MedRevenu should enroll in the complimentary credit monitoring right away. This service can alert you quickly if someone tries to open new accounts using your stolen information. Because enrollment is time-limited to 90 days after notification, acting promptly matters.

These monitoring services also include proactive fraud assistance, which can help you resolve issues faster if fraud does occur. Since the monitoring is offered at no cost, there is little downside to signing up. This step alone can significantly improve your chances of catching identity theft early.

Consider a Credit Freeze or Fraud Alert

Because Social Security numbers and driver’s license numbers were exposed, placing a security freeze on your credit files is a smart precaution. A freeze prevents new creditors from accessing your credit report, which makes it much harder for criminals to open accounts in your name. You can request a freeze directly with each of the three major credit bureaus.

Alternatively, a fraud alert offers a lighter-touch option that still requires lenders to verify your identity before extending credit. This can be useful if you want extra protection without fully freezing your credit. Either way, these tools give you meaningful control over how your stolen data might be used.

Watch for Medical and Insurance Fraud

Since health insurance and medical information were part of this breach, affected individuals should review any explanation of benefits statements closely. Look for treatments, prescriptions, or services you don’t recognize. If you spot anything unusual, contact your insurance provider immediately to dispute the charge.

In addition, request a copy of your medical records periodically to check for inaccuracies caused by fraudulent use of your information. Medical identity theft can be harder to detect than financial fraud because it doesn’t always show up on a credit report. Therefore, staying attentive to your healthcare paperwork is especially important after this type of breach.

Stay Alert for Phishing Attempts

Criminals often use stolen personal information to craft convincing phishing emails or phone calls. As a result, affected individuals should be cautious of any unexpected messages referencing MedRevenu, Inland Physicians Hospitalist Services, or their medical care. Never click on links or provide additional personal details in response to unsolicited requests.

Instead, if you receive a suspicious message, contact the organization directly using a verified phone number or website. This helps confirm whether the request is legitimate before you share any information. Given the sensitivity of the data involved in this breach, extra caution here can prevent further harm.

Monitor Your Credit Reports Regularly

Beyond the complimentary monitoring service, affected individuals can request free annual credit reports from each of the three major bureaus. Reviewing these reports regularly allows you to catch unauthorized accounts or inquiries you don’t recognize. This is a simple, no-cost habit that provides ongoing protection well beyond the 12-month monitoring period.

If you do notice suspicious activity, you have the right to file a police report and dispute the fraudulent items with the credit bureaus. Because ransomware breaches like this one can lead to long-term exposure risk, it’s wise to keep reviewing your reports even after the free monitoring period ends. Consulting a data breach attorney can also help you understand what compensation options may be available to you.



More Information

Official Notice from Medrevenu

Official State Attorney General Notification

Related Data Breaches