Mid Michigan Medical Billing Service Data Breach Affects 28K Patients

The Flint-based revenue cycle management company, Mid Michigan Medical Billing Service, recently reported a major data breach following a ransomware attack.

The incident, which was first discovered in March 2025, involved unauthorized access to MMMBS’s IT network by a threat actor identified as the Qilin ransomware group.

According to the cybersecurity event notice posted on MMMBS' website, the attacker accessed the network on March 27, 2025, and was able to copy and potentially view files containing sensitive information.

The breach was reported to the Dept. of Health and Human Services on Jan. 5, 2026, disclosing that 28,185 individuals across the United States have had their protected health information (PHI) exposed.

The scope of the breach is severe. The information exposed includes both personally identifiable information (PII) and protected health information (PHI): names, dates of birth, Social Security numbers, driver’s license or government-issued identification numbers, Medicare and Medicaid identification numbers, diagnosis and treatment information, medical record numbers, patient account numbers, health insurance details, payment card numbers, employer identification numbers, passport numbers, treating or referring provider names, and biometric data.

In some cases, Social Security numbers were also compromised.

The Qilin ransomware group claimed responsibility for the attack, stating they obtained 38 GB of MMMBS data and threatened to publish it on the dark web if their demands were not met. The incident was posted on the group’s dark web website on the Tor network, further increasing the risk of data exposure and misuse for affected individuals.

‍

Mid Michigan Medical Billing Service's response

MMMBS engaged cybersecurity professionals to assess the breach, secure their network, and conduct a detailed review to determine what information was compromised and which individuals were affected. The company also notified all relevant business partners and regulatory authorities, including law enforcement.

For those impacted, MMMBS is offering complimentary credit monitoring services and has established a dedicated assistance line at 833-303-3875, available from 8 a.m. to 8 p.m. Eastern time, Monday through Friday, excluding U.S. holidays.

Affected individuals are strongly encouraged to remain vigilant by reviewing account statements, explanation of benefits statements, and monitoring free credit reports for any suspicious activity. MMMBS has also provided guidance on placing fraud alerts or credit freezes with the major credit bureaus and recommends reporting any suspicious activity to insurance companies, healthcare providers, and financial institutions.