Medical Associates of Brevard Data Breach Exposes Personal Information of 250,000 Individuals

Melbourne, Florida-based healthcare provider Medical Associates of Brevard said the data security incident it suffered earlier this year compromised the sensitive personal data of nearly 250,000 individuals.

 

Medical Associates of Brevard is a physician-owned group offering primary and specialty care at six clinics across Florida’s Space Coast.

 

In a data security incident notice submitted to the Office of the Maine Attorney General, MAB said that on January 17, it identified unauthorised access within its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“As part of our extensive investigation, we worked diligently to identify any protected health information (“PHI”) and personally identifiable information (“PII”) that may have been subject to unauthorised access or acquisition as a result of the Incident. On or about July 7, 2025, we identified the individuals whose PHI and/or PII may have been impacted and are in the process of notifying those individuals,” MAB said.

 

The compromised data included names, dates of birth, social security numbers, driver’s license and state ID numbers, medical treatment information, health insurance information, and financial account information. In a filing with U.S. Department of Health and Human Services Office for Civil Rights, MAB said it has identified at least 246,711 individuals impacted by the incident.

 

While MAB found no evidence of the compromised information being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. 

 

It has also offered one year of complimentary identity protection and credit monitoring services through Experian to all affected individuals.

 

 

The BianLian ransomware group claimed responsibility for the cyber attack on MAB and listed it as a victim on its data leak site. The group claimed to be in possession of confidential data stolen from the healthcare provider and threatened to leak the same unless its ransom demands were fulfilled.