Ransomware gang says it breached patient health and payment data at Michigan clinic

Ransomware gang BianLian today claimed responsibility for a November 2024 data breach at St. Clair Orthopaedics and Sports Medicine, which operates a pair of clinics north of Detroit, Michigan.

St. Clair notified an undisclosed number of patients that the following data was compromised in the breach:

• Health insurance data including health plans and policies, insurance companies, member and group ID numbers, and Medicaid-Medicare government payer ID numbers
• Health data including medical record numbers, doctors, diagnosis, medicines, test results, images, care, and treatment
• Billing, insurance claims and payment data including claim numbers, account numbers, billing codes and balances
• Other personal data including Social Security numbers, driver’s license or state ID numbers, and other ID numbers

BianLian says it stole 1.2 TB of data from St. Clair.

St. Clair has not verified BianLian’s claim. We do not yet know if St. Clair did or will pay a ransom, how much BianLian demanded, or how attackers breached St. Clair’s network. Comparitech contacted St. Clair for comment and will update this article if it replies.

A notice posted on St. Clair’s website about the incident does not mention any offer of free credit monitoring or identity theft protection for victims.

“SCOSM discovered suspicious activity within its network on November 24, 2024,” the notice says. “On December 9, 2024, the investigation determined some of the impacted locations contained patient information.”

Who is BianLian?

The FBI says BianLian, like some other ransomware groups, extorts victims for stolen data but does not encrypt targeted systems. It first started posting victims to its data leak site in late 2021. Since then, BianLian claimed responsibility for 76 confirmed ransomware attacks, compromising 3.76 million records.

29 of those attacks, accounting for 2 million records, were on hospitals, clinics, and other healthcare providers. BianLian claimed attacks on River Region Cardiology Associates, which compromised 500,000 records in September 2024, and on Mohawk Valley Cardiology, which compromised about 5,000 records in August 2024.

BianLian claimed 12 ransomware attacks so far in 2025, but none have been publicly acknowledged by the targeted organizations yet.

Ransomware attacks on US healthcare

Ransomware attacks on hospitals clinics can lock down computer systems and steal data. In BianLian’s case, it’s most likely just the latter. Hospitals are forced to either pay a ransom or put customers at increased risk of fraud.

In 2024, Comparitech logged 135 confirmed ransomware attacks on hospitals, clinics, and other direct care providers in the US. Those attacks compromised more than 23 million records and came with an average ransom demand of $1 million.

In 2025 so far, we’ve confirmed two such attacks still disrupting operations at New York Blood Center Enterprises and Frederick Health.

About St. Clair Orthopaedics and Sports Medicine

St Clair operates two locations north of Detroit in St Clair Shores and Macomb Township, Michigan. It employs 18 physicians, according to its website.