What Happened
In January 2026, Mid Michigan Medical Billing Service disclosed a ransomware attack affecting 28,185 individuals. The Qilin ransomware group has been linked to the incident.
The compromised records include health and billing data. HIPAA breach notification requirements apply.
Timeline
- January 2026 — Mid Michigan Medical Billing Service discloses ransomware attack by Qilin affecting 28,185 individuals
Threat Actor Profile
Qilin continues to actively target healthcare billing and claims processing organisations, recognising the valuable combination of health and financial data these entities hold.
Impact and Risk Assessment
For Individuals
28,185 individuals had their health and billing data exposed. Medical billing data can reveal sensitive health conditions and financial information.
For Organisations
Healthcare providers that use Mid Michigan Medical Billing may need to issue their own breach notifications to affected patients.
Regulatory Context
HIPAA breach notification requirements apply to both the billing service and the healthcare providers it serves.
What Should You Do?
For Individuals
- If you receive healthcare services from providers that use Mid Michigan Medical Billing, monitor your explanation of benefits statements for signs of medical identity fraud.
For Security Professionals
- Medical billing services are prime ransomware targets. Prioritise endpoint detection, immutable backups, and network segmentation.
- Healthcare providers should assess the security posture of their billing service partners.
Learnings and Recommendations
Medical billing services are prime ransomware targets because they handle both health and financial data across multiple healthcare provider clients.