MCBS, LLC, a medical billing support company in Augusta, Georgia, has begun notifying patients of Stephen W. Brown & Radiology Associates that their protected health information (PHI) was likely stolen during a September 2025 network intrusion. The breach exposed names, Social Security numbers, medical record numbers, and treatment data—and the firm is now offering complimentary identity monitoring. For anyone in the Augusta area who has visited that radiology practice, the clock is ticking on protecting their digital lives.
What Actually Happened
Sometime in September 2025, MCBS detected unauthorized activity on its computer network. An outside attacker had broken in. The company’s forensic investigation later confirmed that files containing patient data were accessed and possibly exfiltrated. MCBS has not publicly disclosed how the intruder got in, but the damage is clear: a trove of PHI tied to patients of a single radiology group is now in criminal hands.
The stolen information varies by individual. Some victims may have had only their name and address exposed, while others face the worst-case scenario: a full profile including date of birth, Social Security number, health insurance ID, medical record number, and even clinical details such as diagnoses or imaging results. The company says it is notifying every person whose data was confirmed to be in the compromised systems, but the total number of affected patients remains unknown.
Notification letters are going out now. If you are a current or former patient of Stephen W. Brown & Radiology Associates, watch your mailbox. The letter will explain how to enroll in the free identity monitoring service being offered, typically through a major provider like Equifax, Experian, or TransUnion. You’ll get a unique enrollment code and a deadline for activation.
This was not a hack on the healthcare provider itself but on a business associate—a third-party billing company that handles insurance claims, patient statements, and the rivers of data that flow behind every doctor’s visit. That distinction matters because it means patients rarely have a direct relationship with the company that lost their data, and they often learn of the breach only when a letter arrives months later.
What It Means for You
Medical identity theft is not like a stolen credit card. You can’t simply cancel your birth date or get a new Social Security number. Once PHI is leaked, it can be used for years—filing false insurance claims, obtaining prescription drugs, or even getting medical care in your name that pollutes your health record with someone else’s blood type or allergies. The financial fallout can be equally ugly: fraudulent tax returns, opened lines of credit, and synthetic identity fraud.
For Windows users specifically, this breach raises the risk of targeted phishing. Attackers who hold your email address, full name, and medical provider information can craft incredibly convincing emails that appear to come from your doctor’s office, your insurer, or the billing company itself. Click a link, and you might download info-stealer malware, ransomware, or a remote-access trojan that turns your PC into a zombie. Even a well-patched Windows 11 machine can’t protect you if you’re tricked into running a malicious executable.
If you use your Windows PC to access patient portals, check medical records, or communicate with providers—and millions do—you should treat your machine as a high-value target. The breach notification is a reminder to harden your system now.
How We Got Here
Healthcare data breaches are not a new story, but they are accelerating. Business associates like MCBS have become a favorite target because they concentrate data from many providers into one vulnerable network. The U.S. Department of Health and Human Services’ breach portal shows hundreds of such incidents each year, and the pattern is consistent: a vendor with less rigorous security than a hospital gets compromised, and the ripple effect hits thousands or millions of patients.
The MCBS incident traces back to the September 2025 intrusion, with notification following only now. The gap between intrusion and notification—typically several months—is standard, as companies hire forensic investigators, rebuild systems, and work with law enforcement before mailing letters. What we don’t know yet is the attack vector. Common culprits include unpatched VPN appliances, phishing emails that steal employee credentials, or brute-force attacks on remote desktop services. Sometimes, the initial entry point is never made public.
Regardless of how it happened, the aftermath is yours to manage. HIPAA requires breached entities to offer credit monitoring, but that’s a floor, not a ceiling. The onus is on you to take the protection further.
What to Do Now: A Windows User’s Defense Plan
If you’ve received a notification letter, follow the steps in order. If you haven’t but are a patient of Stephen W. Brown & Radiology Associates, assume your data was caught in the breach and act accordingly.
1. Activate the Free Identity Monitoring Immediately
Do not toss the letter aside. The codes expire. Sign up through the designated service—usually a website that will walk you through creating an account and verifying your identity. This service typically covers credit monitoring, dark web scans, and identity restoration assistance for at least 12 months. It’s not foolproof, but it’s your first line of defense.
2. Lock Down Your Credit
Place a fraud alert with one of the three major credit bureaus—Equifax, Experian, or TransUnion. That one alert will propagate to the other two, and it’s free. A fraud alert makes it harder for someone to open new accounts in your name. For stronger protection, consider a security freeze (also free), which locks your credit file entirely until you lift it. You can do this online in minutes.
3. Monitor Medical and Insurance Statements
Medical fraud often appears as small charges or unfamiliar provider names on an Explanation of Benefits (EOB) from your insurer. Review every EOB and bill that arrives, even if the amount is zero. If you spot something you don’t recognize, contact your insurer and the provider immediately. Request a complete account of your medical records to look for incorrect entries.
4. Harden Your Windows PC
This is where the breach becomes a Windows security issue. Make these changes today:
- Enable automatic updates. Go to Settings > Windows Update and ensure updates are installed automatically. Security patches cannot be postponed.
- Turn on Microsoft Defender’s real-time protection and cloud-delivered protection. Open Windows Security, check Virus & threat protection settings, and flip on every toggle.
- Use Microsoft Edge or another modern browser with phishing protection. Edge’s SmartScreen technology blocks known malicious sites. In Edge settings, under Privacy, search, and services, confirm that “Microsoft Defender SmartScreen” is on.
- Install a password manager. A browser-based option like Microsoft Edge’s password manager or a standalone tool like Bitwarden generates and stores unique, complex passwords for every site. No more reusing “Spring2025!” across your healthcare portal and your email.
- Enable two-factor authentication (2FA) everywhere that offers it. Prioritize email, financial accounts, and healthcare portals. Use an authenticator app like Microsoft Authenticator rather than SMS codes when possible.
- Create a separate, non-administrator user account for daily computing. This simple step prevents malware from gaining administrative privileges even if you accidentally run it.
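The checklist above can be audited in one pass. The following PowerShell script is an added example written for this article, not code from MCBS or Microsoft; it reads the settings behind each item (Windows Update service, Microsoft Defender real-time and cloud-delivered protection, SmartScreen, and local administrator membership) and reports what still needs attention. It assumes Windows 10 or 11 with the built-in Defender module, an elevated PowerShell session, and a local (not Microsoft-account) user for the administrator check. It changes nothing; the remediation commands appear as comments.

```powershell
# Added example (not from the article, MCBS or Microsoft): audits the hardening
# items listed above. Run in an elevated PowerShell on Windows 10/11.
# Assumes a local user account; Microsoft-account names appear differently in group membership.

$findings = @()

# 1. Automatic updates: the Windows Update service must not be disabled, and no
#    policy may switch automatic updating off.
$wu = Get-Service -Name wuauserv
if ($wu.StartType -eq 'Disabled') { $findings += 'Windows Update service (wuauserv) is disabled.' }
$auPolicy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
if ($auPolicy -and $auPolicy.NoAutoUpdate -eq 1) { $findings += 'Policy NoAutoUpdate=1 turns automatic updates off.' }

# 2. Microsoft Defender real-time and cloud-delivered (MAPS) protection.
$status = Get-MpComputerStatus
$pref   = Get-MpPreference
if (-not $status.RealTimeProtectionEnabled) {
    $findings += 'Defender real-time protection is off.  Fix: Set-MpPreference -DisableRealtimeMonitoring $false'
}
if ($pref.MAPSReporting -eq 0) {
    $findings += 'Cloud-delivered protection is off.  Fix: Set-MpPreference -MAPSReporting Advanced'
}

# 3. SmartScreen. The shell setting covers downloaded apps and files; Edge's own
#    setting lives in the browser profile, so only a policy that disables it is visible here.
$shell = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' -ErrorAction SilentlyContinue
if ($shell -and $shell.SmartScreenEnabled -eq 'Off') { $findings += 'Windows SmartScreen for apps and files is off.' }
$edge = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Edge' -ErrorAction SilentlyContinue
if ($edge -and $edge.SmartScreenEnabled -eq 0) { $findings += 'Edge policy disables Microsoft Defender SmartScreen.' }

# 4. The account used for daily work should not be a local administrator.
$admins = Get-LocalGroupMember -Group 'Administrators' | ForEach-Object { $_.Name }
if ($admins -contains "$env:COMPUTERNAME\$env:USERNAME") {
    $findings += "User $env:USERNAME is a local administrator; create a standard account for daily use."
    # Fix (run once as an administrator; 'daily' is a placeholder account name):
    #   New-LocalUser -Name 'daily' -Password (Read-Host -AsSecureString 'Password for daily')
    #   Add-LocalGroupMember -Group 'Users' -Member 'daily'
}

if ($findings.Count -eq 0) { 'All checked hardening items are in place.' }
else { $findings | ForEach-Object { "NEEDS ATTENTION: $_" } }
```

Run it again after making the changes; a clean run prints a single confirmation line. The Edge SmartScreen toggle still deserves a manual look in the browser settings, because a user can switch it off without any policy value appearing in the registry.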
5. Outsmart Phishing Emails
Expect a surge of phishing attempts if your email was exposed. Attackers will craft messages that look exactly like legitimate patient communications. Practice these habits:
- Hover over links (don’t click) to see the real URL. If it doesn’t match the official domain of your doctor or the billing company, delete it.
- Never open attachments you weren’t expecting, especially PDFs or Word documents that might contain macros.
- Instead of clicking a “log in” link in an email, type the known website address directly into your browser.
- Use the “Report Phishing” button in Outlook or webmail; this helps defenders block future attacks.
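The "does the link match the official domain" test is harder than it looks, because lookalike URLs are built to pass a glance. The PowerShell function below is an added example, not code from the article or from any provider; it applies the same rule a careful reader applies when hovering, but mechanically: the real host must be the trusted domain or a true subdomain of it, and the scheme, user-info trick, raw IP addresses and internationalised host names are flagged. The trusted domains and the sample links are constructed placeholders; substitute the domain printed on the practice's bill or official website.

```powershell
# Added example (not from the article): classifies links seen in an email against
# the provider's known domain. $TrustedDomains holds constructed placeholder domains.
$TrustedDomains = @('radiology-practice.example', 'billing-vendor.example')

function Test-ProviderLink {
    param([string]$Url)
    $reasons = @()
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        return [pscustomobject]@{ Url = $Url; Safe = $false; HostName = $null; Reasons = @('not a valid absolute URL') }
    }
    # System.Uri separates user-info from the host, so for
    # "https://radiology-practice.example@198.51.100.7/" HostName is the real target.
    $hostName = $uri.Host.ToLowerInvariant().TrimEnd('.')
    if ($uri.Scheme -ne 'https') { $reasons += "scheme is $($uri.Scheme), not https" }
    if ($uri.UserInfo) { $reasons += 'text before @ is user-info, not the site; classic lookalike trick' }
    if ($hostName -match '^xn--|\.xn--' -or $hostName -match '[^\x00-\x7F]') {
        $reasons += 'internationalised host name; may imitate a Latin-letter domain'
    }
    if ($hostName -match '^\d{1,3}(\.\d{1,3}){3}$') { $reasons += 'raw IP address instead of a domain' }
    # Match only the trusted domain itself or a label-separated subdomain of it.
    # "radiology-practice.example.account-verify.test" and "radiology-practice-example.test" do not match.
    $matched = $TrustedDomains | Where-Object { $hostName -eq $_ -or $hostName.EndsWith(".$_") }
    if (-not $matched) { $reasons += "host '$hostName' is not a trusted domain" }
    [pscustomobject]@{ Url = $Url; Safe = ($reasons.Count -eq 0); HostName = $hostName; Reasons = $reasons }
}

# Constructed sample links, shaped like those in a notification email and in lookalike phishing.
@(
    'https://portal.radiology-practice.example/login',
    'https://radiology-practice.example.account-verify.test/login',
    'https://radiology-practice.example@198.51.100.7/login',
    'http://billing-vendor.example/statement'
) | ForEach-Object { Test-ProviderLink $_ } | Format-Table Url, Safe, Reasons -AutoSize
```

Only the first sample link comes back Safe. The second fails because the trusted name appears as a prefix rather than as the registrable domain, the third because everything before the @ is discarded by the parser, and the fourth because the statement link is plain http. When a link fails, follow the advice above: type the known address into the browser instead.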
6. File Your Tax Return Early
A stolen Social Security number is a golden ticket for tax fraud. File your 2025 federal and state tax returns as soon as you have all your documents. The IRS accepts returns starting in late January 2026. Filing early can block a fraudulent return from being accepted in your name.
7. Watch for Social Engineering Calls
Don’t be surprised if your phone rings with someone claiming to be from “the billing department” who knows your full name, date of birth, and recent medical procedure. This is vishing—voice phishing. Hang up. Call your provider’s office directly using a number you trust (from a bill or their official website) to verify any issues.
Your Most Pressing Questions
I never received a letter. Does that mean my data wasn’t exposed?
Not necessarily. Letters can be delayed by mailing bottlenecks, or you may have moved and not updated your address with the provider. Until you have explicit confirmation that you were not affected, take the precautionary steps anyway.
The identity monitoring offer says it lasts two years. Is that enough?
Medical data doesn’t expire. Two years of monitoring is better than nothing, but you should remain watchful long after the service ends. Check your credit reports regularly (free weekly through AnnualCreditReport.com) and consider investing in a long-term identity theft protection plan if you have the resources.
Can this breach affect my Windows PC even if I don’t open phishing emails?
Yes. If attackers use your exposed phone number, they might send SMS-based phishing (smishing) that includes malicious links. Or they could attempt to reset your passwords using knowledge-based security questions derived from your leaked data. Strong 2FA and unique passwords are your best defense.
Will the billing company be held accountable?
The Office for Civil Rights (OCR) within HHS will likely investigate the breach for HIPAA compliance failures. Fines and corrective action plans are possible. However, such regulatory actions do not directly compensate victims. Class-action lawsuits have become common after large health breaches, though payouts are often small and slow to materialize.
Outlook: The Long Shadow of a PHI Breach
The MCBS breach will not fade quickly. Stolen medical records circulate on dark web forums for years. Affected patients may see sporadic fraud attempts for a decade. The billing company will almost certainly revamp its security posture in the wake of OCR scrutiny and reputational damage, but that does not undo the exposure.
For Windows users, the lesson is timeless: your personal device is the last line of defense. Updates, phishing awareness, and account hygiene are not just IT chores; they are the difference between a notification letter and a full-blown identity crisis. Keep your ear to the ground for any follow-up communications from Stephen W. Brown & Radiology Associates or MCBS, and keep your Windows security tight.