Medical Associates of Brevard Data Breach 2025: 246,711 Patients Exposed in BianLian Ransomware Attack · $300K Settlement
Medical Associates of Brevard, the Melbourne, FL multi-specialty physician group, confirmed a January 17, 2025 cyberattack by the BianLian ransomware group exposed names, Social Security numbers, driver's license data, medical treatment, insurance, and financial account information for 246,711 patients. A $300,000 class settlement received final approval on December 16, 2025.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Jan 17, 2025
Unauthorized access to Medical Associates of Brevard systems begins
Jan 23, 2025
BianLian ransomware group lists MAB on its dark web leak site
Mar 17, 2025
Beloli v. Medical Associates of Brevard class action filed (CACE-25-012989, 17th Jud. Cir., Broward County, FL)
Jul 7, 2025
Forensic investigation concludes; affected patients identified
Sep 5, 2025
Notification filed with Maine AG, Montana AG, and HHS OCR; individual notice mailings begin
Sep 5, 2025
Disclosed publicly
Sep 7, 2025
Court grants preliminary approval of $300,000 class settlement
Dec 1, 2025
Claim submission deadline
Dec 16, 2025
Final approval hearing (Broward County Courthouse, Fort Lauderdale)
Jan 17, 2025
Unauthorized access to Medical Associates of Brevard systems begins
Jan 23, 2025
BianLian ransomware group lists MAB on its dark web leak site
Mar 17, 2025
Beloli v. Medical Associates of Brevard class action filed (CACE-25-012989, 17th Jud. Cir., Broward County, FL)
Jul 7, 2025
Forensic investigation concludes; affected patients identified
Sep 5, 2025
Notification filed with Maine AG, Montana AG, and HHS OCR; individual notice mailings begin
Sep 5, 2025
Disclosed publicly
Sep 7, 2025
Court grants preliminary approval of $300,000 class settlement
Dec 1, 2025
Claim submission deadline
Dec 16, 2025
Final approval hearing (Broward County Courthouse, Fort Lauderdale)
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Medical Associates of Brevard, a multi-specialty physician group serving Brevard County from its Melbourne, Florida headquarters, has confirmed that a January 17, 2025 cyberattack exposed the personal, identity, financial, and protected health information of 246,711 patients. The BianLian ransomware group claimed responsibility and listed MAB on its dark web leak site on January 23, 2025, though it did not publish screenshots or proof samples. MAB did not notify regulators or patients until September 5, 2025, nearly eight months after the intrusion. MAB’s official notice arranged for Experian to provide 12 months of free credit monitoring to affected individuals. A $300,000 class-action settlement received final approval on December 16, 2025.
The delay between intrusion and notification (about 230 days) has drawn scrutiny from plaintiffs’ firms as potentially violating state breach-notification statutes and the HIPAA 60-day rule. MAB has stated it is not aware of any reports of misuse of the compromised information.
Timeline
- January 17, 2025 — Unauthorized access to Medical Associates of Brevard’s systems begins.
- January 23, 2025 — BianLian adds Medical Associates of Brevard to its dark web leak site, claiming exfiltration of personal information, PHI, emails, databases, and HR/accounting/partner documents. No proof samples are posted.
- March 17, 2025 — Beloli v. Medical Associates of Brevard, LLC, Case No. CACE-25-012989, is filed in the 17th Judicial Circuit Court for Broward County, Florida.
- July 7, 2025 — Forensic investigation concludes; MAB identifies which patients had information in the compromised files.
- September 5, 2025 — MAB notifies the Maine Attorney General and the Montana Attorney General, files with HHS OCR, and begins mailing individual notification letters.
- September 7, 2025 — Court grants preliminary approval of the $300,000 class-action settlement.
- September 18, 2025 — Public substitute notice issued; full 246,711 figure becomes public.
- December 1, 2025 — Claim submission deadline.
- December 16, 2025 — Final approval hearing held at the Broward County Courthouse, Fort Lauderdale.
What was exposed
According to MAB’s notification letters and the Maine AG filing, the data elements vary by individual but include:
- Name and date of birth
- Social Security number
- Driver’s license number or state-issued ID number
- Medical treatment information
- Health insurance information
- Financial account information (for a limited subset of individuals)
BianLian’s leak-site post additionally claimed access to internal emails, databases, and documents pertaining to accounting, HR, and business partners. The group has not been observed posting new victims since late March 2025, and the disposition of the stolen MAB data is unknown.
What the entity is offering
According to MAB’s official data incident notification letter posted on mabmd.com, MAB arranged for Experian to provide at least 12 months of free credit monitoring and related services to potentially affected individuals. Enrollment information was included in the individual notification letters mailed beginning September 5, 2025. Individuals with questions could contact the dedicated assistance line at (877) 250-2766, Monday through Friday, 9:00 AM to 9:00 PM Eastern Time.
Under the settlement, class members may receive:
- Up to $1,500 for documented out-of-pocket losses traceable to the breach incurred between January 24, 2025 and December 1, 2025 (including credit-monitoring fees, identity-theft costs, and fraud-related postage)
- One year of CyEx Medical Shield Pro medical identity monitoring, including $1 million of medical identity theft insurance
Claims had to be submitted online or postmarked by December 1, 2025.
Class-action posture
The consolidated case is Beloli v. Medical Associates of Brevard, LLC, Case No. CACE-25-012989, in the Circuit Court of the 17th Judicial Circuit in and for Broward County, Florida. The settlement agreement is dated August 28, 2025. Lead class counsel are Jeff Ostrow and Kristen Cardoso of Kopelowitz Ostrow P.A. MAB is represented by Jonathan Harris, Julia Bover, and Amanda Simpson of Jackson Lewis P.C. Preliminary approval was granted on September 7, 2025; final approval was heard on December 16, 2025 at the Broward County Courthouse, 201 SE 6th Street, Courtroom WW 14165, Fort Lauderdale. Settlement payments are distributed approximately 105 days after final approval, subject to any appeals.
Multiple firms publicly opened parallel investigations or solicited class members, including Schubert Jonckheer & Kolbe LLP, Wolf Haldenstein Adler Freeman & Herz LLP, Levi & Korsinsky, LLP, and Barnow and Associates, P.C.
What to do if you may be affected
- Check your mail and the settlement site. If you received care from Medical Associates of Brevard before January 2025, you likely received a notification letter; the official settlement administrator site is listed in Sources below. The claim deadline has passed (December 1, 2025), but the site remains the authoritative record of your class-member status.
- Freeze your credit with Equifax, Experian, and TransUnion. Because Social Security numbers and driver’s license data were exposed, a security freeze is meaningfully more protective than monitoring alone. It is free and reversible.
- Watch for medical identity theft. Diagnosis and insurance information was exposed. Review every Explanation of Benefits statement for services you did not receive, and request a copy of your medical record from your insurer if anything looks off.
- Be alert to targeted phishing. Threat actors with your name, date of birth, address, and provider context can craft convincing follow-on lures. Treat unexpected calls or emails referencing your MAB care with skepticism, and verify by calling MAB directly using a number from a prior bill.
- If financial account data was listed in your letter, contact your bank to flag the account for fraud monitoring and consider changing account numbers.
- Stop the ongoing flow of your medical data. HealthConsent files HIPAA restriction requests so the treatment and insurance information exposed in this breach is not continuously re-shared across health information exchanges and insurance networks. Learn how to restrict access to your health records.
Continue reading
Sources
- HHS Office for Civil Rights Breach Portal — federal regulatory record (filing dated 2025-09-05).
- Medical Associates of Brevard — Official Data Incident Notification (PDF) — Experian credit monitoring offer (12 months), call center number, confirmed PHI categories.
- DataBreaches.Net — Medical Associates of Brevard notifies 246,711 patients after cyberattack — patient count, BianLian attribution, leak-site posting.
- SecurityWeek — Nearly 250,000 Impacted by Data Breach at Medical Associates of Brevard — January 17 incident date, BianLian disposition.
- HIPAA Journal — Data Breaches Announced by Washington, Florida, and Minnesota Healthcare Providers — exposed data categories, July 7 investigation conclusion, identity protection offer.
- ClassAction.org — Medical Associates of Brevard Settlement Resolves Data Breach Lawsuit Over January 2025 Cyberattack — Beloli case caption, $300K settlement, CyEx Medical Shield Pro, hearing dates.
- ClassAction.org — Medical Associates of Brevard Data Breach Exposes Medical Info, SSNs — case posture and exposed data confirmation.
- Schubert Jonckheer & Kolbe — Privacy Alert: Medical Associates of Brevard Under Investigation — plaintiff-firm investigation summary, notification-delay analysis; Maine AG notification confirmed.
- Beloli v. Medical Associates of Brevard — Settlement Agreement (PDF) — lead class counsel (Kopelowitz Ostrow P.A.), defense counsel (Jackson Lewis P.C.), settlement date August 28, 2025.
- Beloli v. Medical Associates of Brevard — Official Settlement Notice (PDF) — court-approved class notice, case number, hearing location and time (8:30 a.m. ET, Courtroom WW 14165).
- Beloli v. Medical Associates of Brevard — Settlement Administrator Site — official claim portal and FAQ.
- ClaimDepot — Medical Associates of Brevard Data Breach Settlement — settlement terms summary, Montana AG filing confirmation, 105-day payout distribution timeline.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- Medical Associates of Brevard — Official Data Incident Notification (PDF)
- DataBreaches.Net — Medical Associates of Brevard notifies 246,711 patients after cyberattack
- SecurityWeek — Nearly 250,000 Impacted by Data Breach at Medical Associates of Brevard
- HIPAA Journal — Data Breaches Announced by Washington, Florida, and Minnesota Healthcare Providers
- ClassAction.org — Medical Associates of Brevard Settlement Resolves Data Breach Lawsuit Over January 2025 Cyberattack
- ClassAction.org — Medical Associates of Brevard Data Breach Exposes Medical Info, SSNs
- Schubert Jonckheer & Kolbe — Privacy Alert: Medical Associates of Brevard Under Investigation
- Beloli v. Medical Associates of Brevard — Settlement Agreement (PDF)
- Beloli v. Medical Associates of Brevard — Official Settlement Notice (PDF)
- Beloli v. Medical Associates of Brevard — Settlement Administrator Site
- ClaimDepot — Medical Associates of Brevard Data Breach Settlement
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.