Mid Florida Primary Care Breach Discloses Data Breach Following Ransomware Attack

Mid Florida Primary Care, based in Leesburg and Summerfield, Florida, recently experienced a data breach involving unauthorized access to sensitive patient and business information. The incident began when the BianLian ransomware group claimed responsibility for infiltrating the practice’s network, posting evidence of the attack on the dark web on Dec. 14, 2024. According to the group’s claims, they obtained a wide range of data, including financial records, HR data, mailboxes, internal and external email correspondence, and multiple patient records containing protected health information (PHI).

The breach was first detected on Jan. 23, 2025, when the practice noticed suspicious activity within its network. An investigation revealed that unauthorized parties accessed and copied information between Nov. 29, 2024, and Dec. 11, 2024. During this period, attackers were able to exfiltrate data from the company’s servers.

The incident was publicly disclosed in a notice filed with the Vermont Attorney General’s office and the Massachusetts Attorney General's office beginning on July 29, 2025. The BianLian group is known for targeting healthcare organizations and leaking stolen data if ransom demands are not met, which increases the risk of exposure for affected individuals.

Mid Florida Primary Care's response

To help protect those impacted, Mid Florida Primary Care is offering complimentary identity monitoring services through Privacy Solutions for either 12 or 24 months, depending on the individual’s risk profile. The services include credit monitoring via Equifax, access to credit reports and scores, identity theft insurance, ID restoration services, and dark web monitoring. Affected individuals are encouraged to activate these services promptly using the instructions and unique activation codes provided in their notification letters.

Given the ransomware nature of the attack and the exposure of both PII and PHI, individuals are strongly advised to remain vigilant for signs of identity theft or fraud. This includes regularly reviewing account statements and credit reports, placing fraud alerts or credit freezes with the major credit bureaus, and reporting any suspicious activity to financial institutions or law enforcement. Additional guidance on protecting personal information is included in the official consumer notice, which is available at the end of this article’s page in PDF format.

For further questions or assistance, affected individuals can contact the dedicated assistance line at 877-580-5596, Monday through Friday from 9 a.m. to 6 p.m. Eastern Time, excluding major holidays.

More information about the practice can be found on the Mid Florida Primary Care official website.