Active breach tracker FL Disclosed July 29, 2025

Mid Florida Primary Care Data Breach 2025: 16,435 Patients Exposed in BianLian Ransomware Intrusion

Mid Florida Primary Care, PA, a Leesburg and Summerfield internal medicine practice, confirmed that the BianLian ransomware group accessed its network between November 29 and December 11, 2024, exfiltrating data tied to 16,435 patients. Notification letters went out in late July 2025 and complimentary identity monitoring is offered. The HHS OCR portal entry is dated March 21, 2025.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Nov 29, 2024

Unauthorized access to Mid Florida Primary Care's network begins

Dec 11, 2024

Unauthorized access window ends

Dec 14, 2024

BianLian ransomware group posts evidence of the intrusion on its dark-web leak site

Jan 23, 2025

Suspicious activity identified on the practice's network; forensics engaged

Mar 21, 2025

HIPAA breach notification filed with HHS Office for Civil Rights

Jun 19, 2025

File review of potentially impacted information completed

Jul 29, 2025

Public disclosure issued and individual notification mailings begin

Jul 29, 2025

Disclosed publicly

Jul 30, 2025

Notice filed with the Vermont Attorney General

Data exposed

01

High-risk identity

Enables financial + identity theft

Date of birth Social Security number Driver's license number

02

Health records

Don't expire and can't be reissued

Diagnosis and treatment information Prescription information Test results Treatment location

03

Contact & insurance

Phishing + targeted scams

Name and address Email address Health insurance information Medicare number Medicaid number Health insurance plan or policy number Medical history Allergies
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

Mid Florida Primary Care, PA, an internal medicine practice with offices in Leesburg and Summerfield, Florida, confirmed that an unauthorized actor accessed its network between November 29 and December 11, 2024, exfiltrating data tied to 16,435 patients. The intrusion was attributed to the BianLian ransomware group, which posted evidence of the attack on its dark-web leak site on December 14, 2024. The practice identified suspicious activity on January 23, 2025, filed its HIPAA breach notification with the HHS Office for Civil Rights on March 21, 2025, completed its document review on June 19, 2025, and began mailing individual notification letters on July 29, 2025.

Timeline

  • November 29, 2024 — Unauthorized access to the Mid Florida Primary Care network begins.
  • December 11, 2024 — Access window ends; the actor has copied data covering financial records, HR data, mailboxes, and patient records.
  • December 14, 2024 — The BianLian ransomware group posts proof-of-attack samples on its dark-web leak site.
  • January 23, 2025 — The practice identifies suspicious activity, engages outside counsel, and retains a third-party forensics firm.
  • March 21, 2025 — HIPAA breach notification filed with the HHS Office for Civil Rights using the final affected count of 16,435.
  • June 19, 2025 — File review concludes; the practice finalizes the data elements involved per individual.
  • July 29, 2025 — Public disclosure issued; individual notification letters begin going out.
  • July 30, 2025 — A copy of the consumer notice is filed with the Vermont Attorney General.

What was exposed

The data elements confirmed exposed vary by individual but include:

  • Name and address
  • Date of birth and email address
  • Social Security number
  • Driver’s license number
  • Health insurance information, including Medicare and Medicaid numbers and plan or policy numbers
  • Diagnosis and treatment information
  • Medical history and allergies
  • Prescription information
  • Test results
  • Treatment location

BianLian’s leak-site listing also claimed to contain financial records, HR data, internal and external email correspondence, and multiple patient records. BianLian operates an exfiltration-and-extortion model rather than encrypting systems, so the central risk for affected patients is downstream use of the stolen records, not service disruption at the practice.

What the entity is offering

Mid Florida Primary Care is offering complimentary identity monitoring through Privacy Solutions, with either 12 or 24 months of coverage depending on the risk profile of the records involved. The package includes:

  • Credit monitoring via Equifax
  • Access to credit reports and scores
  • Identity theft insurance
  • Identity restoration services
  • Dark-web monitoring

Enrollment instructions and a single-use activation code are included in each individual notification letter. The practice has set up a dedicated assistance line at 877-580-5596 (Monday through Friday, 9 a.m. to 6 p.m. Eastern, excluding major holidays).

Class-action and regulatory posture

The HHS OCR breach portal entry remains open at 16,435 individuals, a Hacking/IT Incident at a Network Server. The Vermont Attorney General has the consumer notice on file. No consolidated class action has been filed in the sources reviewed as of this writing. ClassAction.org’s investigation page indicates plaintiff-side attorneys have completed their pre-suit review, and Strauss Borrelli PLLC has an open investigation soliciting potential plaintiffs. We will update this section if and when a complaint is docketed.

What to do if you may be affected

  • Freeze your credit with Equifax, Experian, and TransUnion. Because Social Security numbers and driver’s license data were exposed, a security freeze is materially more protective than monitoring alone. It is free and reversible.
  • Enroll in the offered identity monitoring. The 12 or 24 months of Privacy Solutions coverage is worth using even if you also freeze your credit; the enrollment code in your letter is single-use.
  • Watch for medical identity theft. Diagnosis, prescription, and insurance information was exposed. Review every Explanation of Benefits and request a copy of your medical record from your insurer if you see services you did not receive.
  • Be alert to targeted phishing. With name, address, date of birth, and treatment context in hand, threat actors can craft very convincing follow-on lures. Treat unexpected calls or emails referencing your Mid Florida Primary Care visits with skepticism.
  • Keep your notification letter. It documents your status as an affected individual, which matters for any future class-action claim or insurance dispute.

Sources

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.