Mid Michigan Medical Billing Service Data Breach Exposes Social Security Numbers and Medical Records

Healthcare data breach illustration
Breach Discovery: 1st March 2025Breach Notification: 5th January 2026

What Happened in the Mid Michigan Medical Billing Service Data Breach?

Mid Michigan Medical Billing Service, a Flint-based revenue cycle management company, recently disclosed a major data breach. The Mid Michigan Medical Billing Service data breach involved unauthorized access to the company’s IT network by a ransomware group. As a result, sensitive personal and health information belonging to thousands of people may have been exposed.

According to the company’s cybersecurity event notice, the attacker gained access to its network on March 27, 2025. The intrusion was carried out by a threat actor identified as the Qilin ransomware group. During the attack, the group copied and potentially viewed files that contained highly sensitive information. The breach itself was first discovered in March 2025, though the full scope took time to determine.

Because ransomware incidents often require extensive forensic work, MMMBS engaged cybersecurity professionals to investigate. This team worked to secure the network and figure out exactly what data had been accessed. The Qilin group later claimed responsibility publicly, stating it had obtained 38 GB of data from MMMBS.

In addition, the group threatened to publish the stolen files on the dark web unless its demands were met. The incident was subsequently posted on Qilin’s dark web site on the Tor network. This step significantly raised the risk of misuse for anyone whose information was included in the stolen files.

Who was affected?

The breach affects patients and individuals whose personal and health information was processed through MMMBS’s billing systems. Because the company handles revenue cycle management for healthcare providers, its systems likely contained records tied to many different medical practices. As a result, the affected population spans patients across the United States, not just Michigan.

MMMBS reported to the Department of Health and Human Services that 28,185 individuals nationwide had their protected health information exposed. This figure represents the confirmed number of affected people based on the company’s review to date. Given the nature of medical billing data, the exposure could include minors, elderly patients, and others who never interacted directly with MMMBS.

Because billing companies often process data for multiple healthcare providers, individuals may not immediately recognize why their information was involved. Therefore, anyone who received care from a provider that used MMMBS for billing services should consider themselves potentially affected.

What Information Was Potentially Exposed?

The scope of information involved in this breach is extensive. It spans both personally identifiable information and protected health information, which makes the exposure especially serious for affected individuals.

  • Full names
  • Dates of birth
  • Social Security numbers
  • Driver’s license or government-issued identification numbers
  • Medicare and Medicaid identification numbers
  • Diagnosis and treatment information
  • Medical record numbers
  • Patient account numbers
  • Health insurance details
  • Payment card numbers
  • Employer identification numbers
  • Passport numbers
  • Treating or referring provider names
  • Biometric data

Because Social Security numbers and financial information were included, affected individuals face a heightened risk of identity theft. Criminals can use this combination of data to open new credit accounts, file fraudulent tax returns, or apply for loans in someone else’s name. This type of fraud can take months to detect and even longer to fully resolve.

In addition, the exposure of medical record numbers, diagnosis details, and insurance information creates a risk of medical identity theft. Fraudsters could use stolen health insurance details to obtain medical services or prescription drugs under someone else’s name. This can result in incorrect information appearing in a victim’s medical history, which may affect future care and insurance coverage.

What is the company doing?

In response to the breach, MMMBS took several immediate steps to contain the damage. The company engaged outside cybersecurity professionals to assess the intrusion and secure its network against further unauthorized access. It also conducted a detailed review to determine exactly which files and individuals were affected.

Furthermore, MMMBS notified relevant business partners, regulatory authorities, and law enforcement about the incident. For those impacted, the company is offering complimentary credit monitoring services. It has also set up a dedicated assistance line, staffed from 8 a.m. to 8 p.m. Eastern time, Monday through Friday, to answer questions from affected individuals.

As an ongoing measure, MMMBS has provided guidance on placing fraud alerts or credit freezes with major credit bureaus. The company also recommends that affected individuals report any suspicious activity to their insurance companies, healthcare providers, and financial institutions. This layered response reflects the seriousness of the exposed data categories.

What Should Affected Individuals Do?

Monitor Your Credit Reports Closely

Affected individuals should request copies of their credit reports from all three major bureaus. Reviewing these reports regularly helps catch unauthorized accounts or inquiries early. Because Social Security numbers were exposed, this step is especially important for anyone connected to this breach.

You can obtain free weekly credit reports through AnnualCreditReport.com. If you notice any unfamiliar accounts or hard inquiries, dispute them immediately with the credit bureau involved. Consistent monitoring over the next year or more is a wise precaution given the sensitivity of the exposed data.

Consider a Fraud Alert or Credit Freeze

Given that Social Security numbers, driver’s license numbers, and financial account details were compromised, placing a fraud alert or credit freeze is strongly advised. A fraud alert requires creditors to verify your identity before opening new accounts in your name. A credit freeze goes further by blocking access to your credit file entirely.

To set up either protection, contact Equifax, Experian, and TransUnion directly. Because MMMBS has already provided guidance on this process, affected individuals can also call the company’s assistance line for help. This proactive step can prevent criminals from opening fraudulent accounts using your stolen information.

Watch for Medical and Insurance Fraud

Because diagnosis information, medical record numbers, and health insurance details were exposed, affected individuals should carefully review their explanation of benefits statements. Look for services or treatments you never received. This could indicate that someone else is using your insurance information fraudulently.

If you spot anything unusual, contact your insurance provider and healthcare providers right away. Reporting suspected medical identity theft quickly can help prevent incorrect information from being added to your permanent medical record. This is one of the more difficult forms of fraud to reverse once it occurs.

Stay Alert to Phishing Attempts

Following a breach like this, scammers often use stolen information to craft convincing phishing emails, texts, or phone calls. These messages may reference real details from the breach to appear legitimate. As a result, affected individuals should be especially cautious about unsolicited communications requesting personal information.

Never click links or provide sensitive details in response to unexpected messages, even if they appear to come from a trusted source. Instead, verify requests by contacting the organization directly through official channels. This simple habit can prevent scammers from gaining further access to your accounts.

Explore Your Legal Options

Given the scale and sensitivity of the data involved, affected individuals may have grounds to pursue legal action. Consulting with a data breach attorney can help clarify whether you qualify for compensation. Many attorneys offer free consultations to evaluate your specific situation.

In addition, staying informed about any class action lawsuits related to this breach can help you understand your rights. Because deadlines to join legal claims can be strict, it’s wise to act sooner rather than later. A qualified attorney can walk you through the process and help protect your interests.



More Information

Official Notice from Mmmbs

Official Notice from Mmmbs

HHS Office for Civil Rights Breach Notification Portal

Related Data Breaches