
Mid Michigan Medical Billing Service

Analysis of the Mid Michigan Medical Billing ransomware attack by Qilin group affecting 28,185 individuals.

Published by the Scrutex.ai Research Team | January 2026

Disclaimer

This advisory is provided for informational and educational purposes only by the Scrutex research team. It is based entirely on publicly available reporting from the sources cited below. Where details are unconfirmed or disputed by the affected organisation, this is noted explicitly. Scrutex does not independently verify internal claims made by affected organisations or threat actors. This advisory should not be interpreted as a confirmed statement of fact regarding any organisation's security posture. Organisations concerned about their own exposure should conduct independent assessments and seek professional legal advice.

At a Glance

Organisation: Mid Michigan Medical Billing Service. Medical billing service provider in Michigan handling healthcare billing and claims processing for healthcare providers.

Sector: Healthcare

Region: United States

Date of Incident: Prior to January 2026 (exact date not disclosed)

Date Disclosed: January 2026

Estimated Impact: 28,185 individuals

Data Types Exposed: Health and billing data (specific fields not publicly detailed)

Attack Type: Ransomware

Attack Vector: Ransomware deployment by Qilin group (specific initial access vector not disclosed)

Threat Actor: Qilin ransomware group

Current Status: Under investigation. HIPAA breach notification filed.

Severity Assessment: High. Over 28,000 individuals had health and billing data exposed by the Qilin ransomware group targeting a medical billing service that processes data for multiple healthcare providers.

What Happened

In January 2026, Mid Michigan Medical Billing Service disclosed a ransomware attack affecting 28,185 individuals. The Qilin ransomware group has been linked to the incident.

The compromised data includes health and billing data. HIPAA breach notification requirements apply.

Timeline

January 2026: Mid Michigan Medical Billing Service discloses ransomware attack by Qilin affecting 28,185 individuals.

Threat Actor Profile

Qilin ransomware group

Qilin continues to actively target healthcare billing and claims processing organisations, recognising the valuable combination of health and financial data these entities hold.

Impact and Risk Assessment

For Affected Individuals

28,185 individuals had their health and billing data exposed. Medical billing data can reveal sensitive health conditions and financial information.

For Organisations

Healthcare providers that use Mid Michigan Medical Billing may need to issue their own breach notifications to affected patients.

Regulatory Context

HIPAA breach notification requirements apply to both the billing service and the healthcare providers it serves.

What Should You Do?

If You Are a Potentially Affected Individual

If you receive healthcare services from providers that use Mid Michigan Medical Billing, monitor your explanation of benefits for signs of medical identity fraud.

If You Are a Security or Risk Professional

Medical billing services are prime ransomware targets. Prioritise endpoint detection, immutable backups, and network segmentation.

Healthcare providers should assess the security posture of their billing service partners.

Learnings and Recommendations

Medical billing services are prime ransomware targets because they handle both health and financial data across multiple healthcare provider clients.

Sources
