Inland Physicians' Patients Affected by Vendor Data Breach

On Dec. 12, 2024, a ransomware attack targeted Inland Physicians Hospitalist Services through its billing and revenue cycle management partner, MedRevenu.

MedRevenu discovered the network disruption on Dec. 12, 2024, and secured their systems and brought in cybersecurity experts to investigate. After extensive electronic discovery, it was determined by Oct. 21, 2025, that patient data from Inland Physicians Hospitalist Services was present in the impacted files.

The BianLian ransomware group claimed responsibility for the incident, which was first made public on the dark web on Dec. 14, 2024. The attackers reportedly accessed and exfiltrated a wide array of sensitive data, including financial records, QuickBooks data, contracts, HR files, internal and external emails, and crucially, protected health information (PHI) and personally identifiable information (PII) belonging to patients.

The breach exposed a comprehensive set of consumer information: names, dates of birth, Social Security numbers, driver’s license numbers, government identification numbers, health insurance and medical information, financial account numbers, payment card numbers, and access information.

The breach was officially disclosed to the California Attorney General by MedRevenu on Feb. 3, 2026.

Inland Physicians Hospitalist Services (via MedRevenu)'s response

In response to the breach, MedRevenu secured their network, launched a thorough investigation with IT specialists, and confirmed the integrity of their systems. They are reviewing and enhancing technical safeguards to prevent future incidents.

MedRevenu is offering affected individuals complimentary credit monitoring, credit reports, and credit score services through TransUnion for twelve months. These services include real-time alerts for changes to credit files and proactive fraud assistance.

Those affected are encouraged to enroll in the free credit monitoring service within ninety days of receiving their notification letter.

Additional recommended steps include reviewing credit reports for suspicious activity, considering placing a security freeze or fraud alert with credit bureaus, and staying vigilant for signs of identity theft. Resources and contact information for credit reporting agencies and law enforcement are provided in the official notice to consumers, which will be available in PDF format at the bottom of this page.

Given the nature of the attack, affected individuals should take the risk of identity theft and financial fraud seriously. Prompt enrollment in the offered protection services and ongoing monitoring are strongly advised.