Alabama Ophthalmology Associates this week confirmed it notified 131,576 people about a January 2025 data breach that compromised the following personal info:
- Names
- Social Security numbers
- Health insurance info
- Treatment info
- Medical record number
- Medical history info
- Dates of birth
Ransomware gang BianLian claimed responsibility for the attack. The group says it stole finance and HR data, patient records, biometric info, emails, and more from AOA.
AOA has not verified BianLian’s claim. We do not know whether the company paid a ransom, how much BianLian demanded, or how attackers breached AOA’s network. Comparitech contacted AOA for comment and will update this article if it replies.
“The investigation revealed certain personal / protected health information was accessed and acquired without authorization by an unknown actor between January 22 and January 30, 2025,” says AOA’s notice (PDF) to victims. “AOA undertook a comprehensive review of the impacted data to identify the individuals and information involved, which concluded on March 19, 2025.”
The notice does not mention free credit monitoring or identity theft protection, which breached companies usually offered to victims whose Social Security numbers are compromised.
Who is BianLian?
BianLian is a ransomware group that extorts organizations for stolen data, but it doesn’t encrypt target systems. Breached organizations must pay a ransom or else BianLian will publish the stolen data on its website.
BianLian claimed 80 confirmed ransomware attacks since it began naming victims in 2022, compromising more than 4.4 million records. Of those attacks, 30 hit targets in the healthcare sector, accounting for 2.6 million of the breached records.
AOA is BianLian’s first confirmed healthcare target this year. Its other recent such attacks include:
- In February 2025, BianLian claimed responsibility for a November 2024 data breach at St. Clair Orthopaedics and Sports Medicine, which operates a pair of clinics north of Detroit, Michigan.
- Also in February 2025, BianLian added Aspire Rural Health System to its data leak site, alleging to have stolen a variety of data
- In December 2024, BianLian claimed an attack on Physicians’ Primary Care of Southwest Florida
- In October 2024, BianLian has added Boston Children’s Health Physicians (BCHP) to its data leak site
- In May 2024, Hypertension Nephrology Associates notified almost 40,000 people of a data breach claimed by BianLian
The group claimed one other confirmed attack in 2025 so far against Australian finance company Hall Chadwick. BianLian made another 30 unconfirmed claims in 2025 to date that haven’t been acknowledged by the targeted organizations.
Ransomware attacks on US healthcare
Comparitech researchers logged 16 confirmed ransomware attacks on US hospitals, clinics, and other care providers in 2025, compromising the personal and health data of about 470,000 people.
Other recent such attacks include those on Vitenas Cosmetic Surgery, which notified 31,852 people of a February 2025 breach claimed by Kairos, and DaVita, which is still facing disruptions following an attack earlier this month.
Ransomware attacks on US hospitals, clinics, and other care providers can cripple key systems and endanger the privacy and security of patients. Providers must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk of fraud. Hospitals and clinics may have to resort to pen and paper, cancel certain appointments, and divert patients elsewhere until systems are restored.
About Alabama Ophthalmology Associates
Founded in 1976, Alabama Ophthalmology Associates is a six-physician eye and vision care practice with locations in Birmingham, Grandview, Huntsville, and Montgomery.
