MedRevenu Data Breach (CA, 2024-2026): 17,775 Patients Exposed in December 2024 BianLian Ransomware at Montclair Billing Vendor
MedRevenu, LLC, a Montclair, California revenue cycle management and medical billing vendor, was hit by a December 12, 2024 ransomware attack claimed by the BianLian group. Forensic review concluded October 21, 2025; covered-entity notifications followed on December 5, 2025, and individual notifications began February 3, 2026. The HHS OCR portal lists 17,775 affected individuals.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Dec 12, 2024
Network disruption begins at MedRevenu; intrusion identified the same day
Dec 12, 2024
Breach detected
Dec 14, 2024
BianLian ransomware group publicly claims responsibility on its dark-web leak site
Mar 21, 2025
MedRevenu files HIPAA breach notification with HHS Office for Civil Rights covering 17,775 affected individuals
Oct 21, 2025
Forensic electronic discovery and file review concludes; impacted personal information confirmed
Dec 5, 2025
MedRevenu notifies covered-entity healthcare provider clients of the incident
Feb 3, 2026
MedRevenu begins mailing individual notification letters and files notice with the California Attorney General
Feb 5, 2026
Plaintiff firms (Strauss Borrelli, Lynch Carpenter, Federman & Sherwood, others) publicly open class-action investigations
Dec 12, 2024
Network disruption begins at MedRevenu; intrusion identified the same day
Dec 12, 2024
Breach detected
Dec 14, 2024
BianLian ransomware group publicly claims responsibility on its dark-web leak site
Mar 21, 2025
MedRevenu files HIPAA breach notification with HHS Office for Civil Rights covering 17,775 affected individuals
Oct 21, 2025
Forensic electronic discovery and file review concludes; impacted personal information confirmed
Dec 5, 2025
MedRevenu notifies covered-entity healthcare provider clients of the incident
Feb 3, 2026
MedRevenu begins mailing individual notification letters and files notice with the California Attorney General
Feb 5, 2026
Plaintiff firms (Strauss Borrelli, Lynch Carpenter, Federman & Sherwood, others) publicly open class-action investigations
Data exposed
01
High-risk identity
Enables financial + identity theft
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
MedRevenu, LLC, a revenue cycle management and medical billing vendor headquartered in Montclair, California, was hit by a ransomware attack on December 12, 2024 that disrupted its network and led to exfiltration of patient data the company holds on behalf of its healthcare-provider clients. The ransomware group BianLian publicly claimed responsibility on December 14, 2024 by adding MedRevenu to its dark-web leak site. MedRevenu’s forensic electronic discovery concluded on October 21, 2025, the company notified its covered-entity clients on or about December 5, 2025, and individual notification letters began mailing on February 3, 2026. The HHS Office for Civil Rights breach portal entry, filed March 21, 2025, lists 17,775 affected individuals.
Because MedRevenu is a HIPAA business associate rather than a treating provider, the patients receiving these letters are customers of the hospitals, physician groups, and hospitalist services that hired MedRevenu to handle billing and claims. One named downstream client referenced in public reporting is Inland Physicians Hospitalist Services.
Timeline
- December 12, 2024 — An unauthorized actor disrupts MedRevenu’s network environment. MedRevenu identifies the intrusion the same day, secures its systems, and engages third-party cybersecurity specialists.
- December 14, 2024 — The BianLian ransomware group adds MedRevenu to its dark-web leak site, publicly claiming responsibility for the attack.
- March 21, 2025 — MedRevenu files its HIPAA breach notification with the HHS Office for Civil Rights, reporting a Hacking/IT Incident at a Network Server affecting 17,775 individuals.
- October 21, 2025 — Forensic electronic discovery and file-by-file review concludes. MedRevenu confirms which individuals’ personal information was present in the impacted data set.
- December 5, 2025 — MedRevenu notifies its covered-entity healthcare-provider clients of the incident and offers to notify potentially impacted patients on their behalf.
- February 3, 2026 — MedRevenu begins mailing individual notification letters and files a sample notice with the California Attorney General’s data-breach reporting portal.
- February 5, 2026 — Plaintiff firms including Strauss Borrelli PLLC, Lynch Carpenter LLP, Federman & Sherwood, and The Lyon Firm publicly announce class-action investigations.
What was exposed
The data elements vary by individual, but MedRevenu’s notice identifies the following categories as potentially involved:
- Name
- Date of birth
- Social Security number
- Driver’s license number
- Government-issued identification number
- Health insurance information
- Medical information
- Financial account number
- Payment card number
- Access information (account credentials)
MedRevenu has stated it has “no reason to believe that any individual’s information has been misused” as of the notice date. BianLian, the threat group that claimed responsibility, is a known data-exfiltration extortion actor that typically posts stolen data on its leak site when victims do not pay.
What MedRevenu is offering
MedRevenu is offering 12 months of complimentary single-bureau credit monitoring, credit reporting, and credit score services through TransUnion, along with proactive fraud assistance. Enrollment instructions are included in the individual notification letters mailed beginning February 3, 2026.
A dedicated incident response line is available for individuals with questions:
- Phone: 1-833-996-3692
- Hours: Monday through Friday, 8:00 a.m. to 8:00 p.m. Eastern Time, excluding holidays
MedRevenu has also stated it is reviewing and enhancing its technical and administrative safeguards to prevent recurrence.
Class-action posture
No consolidated class-action complaint has yet been filed in the public dockets reviewed. At least seven plaintiff firms have publicly opened investigations and are soliciting potential class members: Federman & Sherwood (Oklahoma City), Lynch Carpenter LLP, Strauss Borrelli PLLC, The Lyon Firm, Bryson Harris Suciu & DeMay PLLC, Emery Reddy, and Potter Handy. Given MedRevenu’s California headquarters and the California Attorney General filing, the expected venue for any consolidated litigation is the U.S. District Court for the Central District of California.
The HHS OCR portal entry remains open, and no state attorney general has yet published an enforcement action or settlement.
What to do if you may be affected
- Freeze your credit at Equifax, Experian, and TransUnion. Because Social Security numbers, driver’s license numbers, and financial account information were exposed, a security freeze is materially more protective than monitoring alone. It is free, reversible, and takes about ten minutes per bureau.
- Enroll in the credit monitoring MedRevenu offered, if your notification letter includes an enrollment code. The 12-month TransUnion service is at no cost to you, and the enrollment code is single-use.
- Watch for medical identity theft. Because health insurance and medical information were exposed, review every Explanation of Benefits and request a copy of your medical record from your insurer if you see services you did not receive.
- Watch for tax-related identity theft in the upcoming filing season. SSN exposure in healthcare breaches frequently surfaces as fraudulent tax returns; consider requesting an IRS Identity Protection PIN.
- Be alert to targeted phishing. Threat actors who hold name, address, date of birth, and insurance context can craft highly convincing follow-on lures referencing your provider or your bill. Treat unexpected calls, texts, or emails referencing your healthcare account with skepticism.
- Keep the notification letter. If a class settlement is later reached, you will need the breach reference number to submit a claim. Do not pay any third party who offers to “file your claim” for a fee.
Sources
- MedRevenu — Data Security Incident (official notice) — entity’s own substitute notice, timeline, exposed data categories, credit-monitoring offer.
- HHS Office for Civil Rights Breach Portal — federal regulatory record (filing dated 2025-03-21, 17,775 affected, Hacking/IT Incident, Network Server).
- HIPAA Journal — Data Breaches Announced by MedRevenu & EyeCare Partners — trade-press synthesis of MedRevenu’s role as a billing vendor, BianLian attribution, and forensic timeline.
- California Attorney General — Search Data Security Breaches — state regulatory record of the February 3, 2026 sample-notice filing.
- ClassAction.org — MedRevenu Data Breach Impacts Medical, Financial Info — class-action investigation summary and reference to Inland Physicians Hospitalist Services as a downstream client.
- Strauss Borrelli PLLC — MedRevenu Data Breach Investigation — plaintiff-side investigation notice.
- Lynch Carpenter LLP — MedRevenu, LLC Data Breach Claims Investigated — plaintiff-side investigation notice.
- Federman & Sherwood — MedRevenu, LLC Data Breach Investigation — plaintiff-side investigation notice.
- The Lyon Firm — MedRevenu California Healthcare Data Breach — California-focused class-action investigation summary.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- MedRevenu — Data Security Incident (official notice)
- HHS Office for Civil Rights Breach Portal
- HIPAA Journal — Data Breaches Announced by MedRevenu & EyeCare Partners
- California Attorney General — Search Data Security Breaches
- ClassAction.org — MedRevenu Data Breach Impacts Medical, Financial Info
- Strauss Borrelli PLLC — MedRevenu Data Breach Investigation
- Lynch Carpenter LLP — MedRevenu, LLC Data Breach Claims Investigated
- Federman & Sherwood — MedRevenu, LLC Data Breach Investigation
- The Lyon Firm — MedRevenu California Healthcare Data Breach
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.