Local Radiology Associate Notifies Patients of Data Breach

by Chief Editor

MCBS, LLC, a healthcare billing support provider, notified patients of Stephen W. Brown & Radiology Associates of Augusta that an unauthorized individual may have accessed their personal and medical information. The security incident occurred between September 22 and September 26, 2025, potentially exposing sensitive data including Social Security numbers, dates of birth, and medical histories.

What specific information was compromised in the MCBS breach?

According to a notification letter mailed by MCBS, LLC, the data potentially accessed by the unauthorized individual includes highly sensitive personal identifiers. The company confirmed that the impacted information may consist of names and addresses, Social Security numbers, and dates of birth.

What specific information was compromised in the MCBS breach?

The breach also extends to protected health information. MCBS stated that health plan beneficiary numbers, health insurance policy or subscriber identification numbers, and other health insurance details may have been stolen. Furthermore, the company noted that medical history, mental or physical conditions, medical treatment information, and diagnosis information were among the files potentially subject to unauthorized acquisition.

When did the security incident occur and when was it discovered?

The timeline of the breach involves a significant gap between the initial access and the completion of the forensic investigation. MCBS stated it learned of the unauthorized network access on or about September 25, 2025.

Following the initial discovery, the company engaged external cybersecurity professionals to conduct an extensive forensic investigation and document review. On May 28, 2026, MCBS reported that it had determined certain files were acquired during a specific window of time, identified as approximately September 22 through September 26, 2025.

Pro Tip: Regularly review your “Explanation of Benefits” (EOB) statements from your insurance provider. If you see charges for medical services or diagnoses you never received, it may indicate medical identity theft.

How can affected patients protect their personal information?

MCBS, LLC is providing 12 months of complimentary identity monitoring services through Kroll to those affected by the incident. While the company stated it is not currently aware of any misuse or fraudulent activity resulting from this breach, it has advised patients to take several precautionary steps.

January 2026: Major Data Breaches and Cyber Attacks

The company encourages patients to follow guidance from the Federal Trade Commission (FTC) regarding identity theft. Recommended actions include:

  • Placing a fraud alert or security freeze on credit files.
  • Regularly reviewing financial account statements and credit reports.
  • Reporting any suspicious activity directly to a healthcare provider.

Why are third-party billing companies a target for cyberattacks?

Did you know?

Frequently Asked Questions

Was my medical history leaked?

According to MCBS, LLC, the information potentially impacted includes medical history, mental or physical conditions, and diagnosis information.

Why are third-party billing companies a target for cyberattacks?
Is there free help available for victims?

MCBS is providing 12 months of complimentary identity monitoring through Kroll for patients who received the notification letter.

What should I do if I see suspicious activity on my credit report?

The company recommends reviewing your credit reports and following Federal Trade Commission guidance to report and resolve suspicious activity.


Stay informed on data privacy: Have you ever received a data breach notification? Share your experience in the comments below or subscribe to our newsletter for the latest updates on cybersecurity and consumer protection.

You may also like

Leave a Comment