Mid Florida Primary Care Data Breach 2025: 16,435 Patients Exposed in BianLian Ransomware Intrusion
Mid Florida Primary Care, PA, a Leesburg and Summerfield internal medicine practice, confirmed that the BianLian ransomware group accessed its network between November 29 and December 11, 2024, exfiltrating data tied to 16,435 patients. Notification letters went out in late July 2025 and complimentary identity monitoring is offered. The HHS OCR portal entry is dated March 21, 2025.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Nov 29, 2024
Unauthorized access to Mid Florida Primary Care's network begins
Dec 11, 2024
Unauthorized access window ends
Dec 14, 2024
BianLian ransomware group posts evidence of the intrusion on its dark-web leak site
Jan 23, 2025
Suspicious activity identified on the practice's network; forensics engaged
Mar 21, 2025
HIPAA breach notification filed with HHS Office for Civil Rights
Jun 19, 2025
File review of potentially impacted information completed
Jul 29, 2025
Public disclosure issued and individual notification mailings begin
Jul 29, 2025
Disclosed publicly
Jul 30, 2025
Notice filed with the Vermont Attorney General
Nov 29, 2024
Unauthorized access to Mid Florida Primary Care's network begins
Dec 11, 2024
Unauthorized access window ends
Dec 14, 2024
BianLian ransomware group posts evidence of the intrusion on its dark-web leak site
Jan 23, 2025
Suspicious activity identified on the practice's network; forensics engaged
Mar 21, 2025
HIPAA breach notification filed with HHS Office for Civil Rights
Jun 19, 2025
File review of potentially impacted information completed
Jul 29, 2025
Public disclosure issued and individual notification mailings begin
Jul 29, 2025
Disclosed publicly
Jul 30, 2025
Notice filed with the Vermont Attorney General
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Mid Florida Primary Care, PA, an internal medicine practice with offices in Leesburg and Summerfield, Florida, confirmed that an unauthorized actor accessed its network between November 29 and December 11, 2024, exfiltrating data tied to 16,435 patients. The intrusion was attributed to the BianLian ransomware group, which posted evidence of the attack on its dark-web leak site on December 14, 2024. The practice identified suspicious activity on January 23, 2025, filed its HIPAA breach notification with the HHS Office for Civil Rights on March 21, 2025, completed its document review on June 19, 2025, and began mailing individual notification letters on July 29, 2025.
Timeline
- November 29, 2024 — Unauthorized access to the Mid Florida Primary Care network begins.
- December 11, 2024 — Access window ends; the actor has copied data covering financial records, HR data, mailboxes, and patient records.
- December 14, 2024 — The BianLian ransomware group posts proof-of-attack samples on its dark-web leak site.
- January 23, 2025 — The practice identifies suspicious activity, engages outside counsel, and retains a third-party forensics firm.
- March 21, 2025 — HIPAA breach notification filed with the HHS Office for Civil Rights using the final affected count of 16,435.
- June 19, 2025 — File review concludes; the practice finalizes the data elements involved per individual.
- July 29, 2025 — Public disclosure issued; individual notification letters begin going out.
- July 30, 2025 — A copy of the consumer notice is filed with the Vermont Attorney General.
What was exposed
The data elements confirmed exposed vary by individual but include:
- Name and address
- Date of birth and email address
- Social Security number
- Driver’s license number
- Health insurance information, including Medicare and Medicaid numbers and plan or policy numbers
- Diagnosis and treatment information
- Medical history and allergies
- Prescription information
- Test results
- Treatment location
BianLian’s leak-site listing also claimed to contain financial records, HR data, internal and external email correspondence, and multiple patient records. BianLian operates an exfiltration-and-extortion model rather than encrypting systems, so the central risk for affected patients is downstream use of the stolen records, not service disruption at the practice.
What the entity is offering
Mid Florida Primary Care is offering complimentary identity monitoring through Privacy Solutions, with either 12 or 24 months of coverage depending on the risk profile of the records involved. The package includes:
- Credit monitoring via Equifax
- Access to credit reports and scores
- Identity theft insurance
- Identity restoration services
- Dark-web monitoring
Enrollment instructions and a single-use activation code are included in each individual notification letter. The practice has set up a dedicated assistance line at 877-580-5596 (Monday through Friday, 9 a.m. to 6 p.m. Eastern, excluding major holidays).
Class-action and regulatory posture
The HHS OCR breach portal entry remains open at 16,435 individuals, a Hacking/IT Incident at a Network Server. The Vermont Attorney General has the consumer notice on file. No consolidated class action has been filed in the sources reviewed as of this writing. ClassAction.org’s investigation page indicates plaintiff-side attorneys have completed their pre-suit review, and Strauss Borrelli PLLC has an open investigation soliciting potential plaintiffs. We will update this section if and when a complaint is docketed.
What to do if you may be affected
- Freeze your credit with Equifax, Experian, and TransUnion. Because Social Security numbers and driver’s license data were exposed, a security freeze is materially more protective than monitoring alone. It is free and reversible.
- Enroll in the offered identity monitoring. The 12 or 24 months of Privacy Solutions coverage is worth using even if you also freeze your credit; the enrollment code in your letter is single-use.
- Watch for medical identity theft. Diagnosis, prescription, and insurance information was exposed. Review every Explanation of Benefits and request a copy of your medical record from your insurer if you see services you did not receive.
- Be alert to targeted phishing. With name, address, date of birth, and treatment context in hand, threat actors can craft very convincing follow-on lures. Treat unexpected calls or emails referencing your Mid Florida Primary Care visits with skepticism.
- Keep your notification letter. It documents your status as an affected individual, which matters for any future class-action claim or insurance dispute.
Sources
- HHS Office for Civil Rights Breach Portal — federal regulatory record (filing dated 2025-03-21; 16,435 affected; Hacking/IT Incident at Network Server).
- HIPAA Journal — Florida Internal Medicine Practice Discloses November 2024 Data Breach — incident timeline, exposed data elements, monitoring offer.
- Vermont Attorney General — 2025-07-29 Mid Florida Primary Care Data Breach Notice to Consumers — state-filed consumer notice.
- Comparitech — Florida clinic notifies 16K people of data breach that exposed SSNs and medical histories — affected count and BianLian attribution.
- ClaimDepot — Mid Florida Primary Care Discloses Data Breach Following Ransomware Attack — BianLian dark-web posting date, monitoring vendor and coverage tiers, assistance line.
- ClassAction.org — Mid-Florida Primary Care Data Breach Exposes Medical Information — plaintiff-side investigation status.
- Strauss Borrelli PLLC — Mid Florida Primary Care Data Breach Investigation — law-firm investigation summary.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- HHS Office for Civil Rights Breach Portal
- HIPAA Journal — Florida Internal Medicine Practice Discloses November 2024 Data Breach
- Vermont Attorney General — 2025-07-29 Mid Florida Primary Care Data Breach Notice to Consumers
- Comparitech — Florida clinic notifies 16K people of data breach that exposed SSNs and medical histories
- ClaimDepot — Mid Florida Primary Care Discloses Data Breach Following Ransomware Attack
- ClassAction.org — Mid-Florida Primary Care Data Breach Exposes Medical Information
- Strauss Borrelli PLLC — Mid Florida Primary Care Data Breach Investigation
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.