Medenet Inc. Data Breach Exposes Social Security Numbers

Medenet Inc., a Florida-based company that specializes in medical billing, electronic medical records and revenue cycle management for physician practices, disclosed a data breach resulting from a cyberattack in late 2025.

On Dec. 26, 2025, Medenet was the victim of a cyberattack, according to the company's notification letter to consumers. The company launched an investigation and engaged nationally recognized computer forensics specialists to determine the nature and scope of the incident and what information may have been affected.

On Jan. 29, 2026, a ransomware group known as Akira claimed responsibility for the attack through a posting on a dark web site hosted on the Tor network. The group claimed to have obtained 24 gigabytes of Medenet's corporate data.

According to the dark web posting, the compromised data reportedly included highly detailed employee and customer information such as driver's licenses, passports and Social Security numbers. The posting also referenced contracts and agreements, financial records, confidential files and nondisclosure agreements.

After conducting an investigation over the following months, the company determined that personal information belonging to affected individuals was present in the files and folders that may have been accessed or obtained by an unauthorized party during the incident, according to the notification letter.

The types of personal information potentially exposed included medical records and Social Security numbers.

The breach was reported to the Massachusetts Office of Consumer Affairs and Business Regulation, which identified six Massachusetts residents as affected. The company's notification letters to affected consumers are dated May 28, 2026.

Medenet's response

Medenet is providing two years of free single-bureau credit monitoring, credit report and credit score services through Cyberscout, a TransUnion company specializing in fraud assistance and remediation services. These services send alerts when changes occur to an individual's credit file, with notifications delivered the same day a change takes place.

The company is also providing proactive fraud assistance through Cyberscout to help individuals who have questions or who become victims of fraud.

To enroll in these free services, affected individuals can visit the Cyberscout activation page and enter the unique code included in their notification letter. Enrollment must be completed within 90 days of the date of the letter. The enrollment process requires an internet connection and an email account, and the service may not be available to minors under 18 years of age.

A dedicated phone line is also available for individuals who have additional questions or concerns. Representatives are available from 8 a.m. to 8 p.m. Eastern time, Monday through Friday, excluding U.S. holidays. The phone number is included in the notification letter sent to affected individuals.

In its notification letter, the company said, "We appreciate your patience and understanding and sincerely apologize for any inconvenience this incident may cause you."