Avosina Healthcare Discloses Data Breach Affecting 44k People Following Ransomware Attack

Avosina Healthcare Solutions, a physician-owned company specializing in revenue cycle management and healthcare IT services, experienced a data breach in late July 2025, potentially exposing patient names, addresses, medical information and health insurance information of current and former patients of its customers.

On July 29, 2025, Avosina discovered that parts of its computer system had been compromised by an unknown threat actor. The incident was identified as a ransomware attack claimed by the Qilin group, who posted about the breach on the Tor network on August 7, 2025.

The breach was disclosed to the U.S. Department of Health and Human Services on January 10, 2026. After January 12, 2026, the breach was also disclosed to the offices of the attorneys general of Indiana, Maine, Massachusetts, New Hampshire, and Vermont.

The breach has affected 44,425 total individuals, including 43 residents of Massachusetts, 23 residents of Indiana, 16 residents of Maine, and 13 residents of New Hampshire.

The company also sent written notices to affected individuals on January 9, 2026. Avosina has also published a notice of data privacy event on PR Newswire.

Avosina Healthcare Solutions' response

In response to the breach, Avosina took action to restore affected services using backups and engaged investigators and security firms to determine the scope of the incident. The company reported the matter to relevant authorities and took steps to fortify its network security.

If you receive notification from Avosina Healthcare Solutions about this breach, you may want to:

• Sign up for the free identity theft protection services, if offered.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.