MedRevenu Data Breach Exposes Patient Social Security Numbers

MedRevenu, a California-based revenue cycle management company serving healthcare providers, recently experienced a data breach that has impacted current and former patients of Inland Physicians Hospitalist Services.

The incident was first detected as a network disruption on Dec. 12, 2024. Following investigation, cybersecurity experts determined that certain files containing sensitive information may have been accessed and acquired by an unauthorized party.

The ransomware group BianLian publicly claimed responsibility for the attack on Dec. 14, 2024, posting details on the dark web. They asserted that they had obtained a wide range of data, including the firm’s financials, client and customer financials, QuickBooks data, HR data, contracts and agreements, protected health information (PHI) records, mailboxes, internal and external email correspondence, and databases.

After a thorough electronic discovery process concluded on Oct. 21, 2025, MedRevenu confirmed that a variety of personal and medical information was present in the compromised files. The data elements exposed vary by individuals, but both personally identifiable information (PII) and PHI were involved.

The exposed information may include name, date of birth, Social Security number, driver’s license number, government identification number, health insurance and medical information, financial account number, payment card number, and access information.

The breach was officially disclosed to the California Attorney General on Feb. 3, 2026. The total amount of affected individuals has not yet been disclosed.

MedRevenu's response

In response to the breach, MedRevenu took action to secure its network and engaged cybersecurity specialists to investigate the incident. The company has since reviewed and is enhancing its technical safeguards to prevent similar incidents in the future.

For those affected, MedRevenu is offering complimentary Single Bureau Credit Monitoring, credit reports, and credit score services for 12 months through TransUnion. These services include alerts for changes to credit files and proactive fraud assistance. Affected individuals are encouraged to enroll in these services within 90 days of receiving their notification letter.

MedRevenu has also provided guidance on further steps individuals can take to protect themselves, such as obtaining free annual credit reports, placing security freezes or fraud alerts on credit files, and remaining vigilant for suspicious activity.

Individuals have the right to file a police report if they experience identity theft or fraud.

Given the ransomware nature of this breach and the types of data involved, affected individuals should consider taking the following steps:

• Enroll in the offered credit monitoring and fraud assistance services as soon as possible
• Regularly review credit reports for any unauthorized activity
• Consider placing a security freeze or fraud alert on credit files
• Be alert for phishing attempts or suspicious emails that may use stolen information
• Contact the provided support line for questions or assistance