Mid-South Pulmonary & Sleep Specialists Data Breach Exposes Social Security Numbers and Medical Records

Healthcare data breach illustration
Breach Discovery: 2nd November 2025Breach Notification: 22nd June 2026

What Happened in the Mid-South Pulmonary Data Breach?

Mid-South Pulmonary & Sleep Specialists, a Memphis-based pulmonary, critical care and sleep medicine practice, has confirmed a data breach affecting patient information. The Mid-South Pulmonary data breach involved unauthorized access to the practice’s computer systems. As a result, sensitive personal and health details may have fallen into the wrong hands.

According to the company, unauthorized activity within its network occurred on or about Nov. 2, 2025. Once the practice detected this activity, it moved to secure its systems. A ransomware group known as Anubis later claimed responsibility for the intrusion. On Nov. 28, 2025, this group posted on the dark web claiming to have stolen the organization’s internal data, including names, Social Security numbers and medical records.

Following the discovery, Mid-South Pulmonary brought in third-party forensic experts to investigate the scope of the incident. This investigation confirmed that protected health information may have been accessed without authorization. Because the review of affected files took time, the company did not post a public notice until June 22, 2026. It then began notifying potentially affected patients by mail.

The gap between discovery and notification reflects the complexity of these investigations. In many cases, organizations must review large volumes of files to determine exactly whose information was involved. This process, while sometimes lengthy, is meant to ensure that notifications are accurate and complete.

Who was affected?

The Mid-South Pulmonary data breach primarily affects current and former patients of the practice. Because the organization specializes in pulmonary, critical care and sleep medicine, those affected likely include individuals who received treatment for respiratory or sleep-related conditions in the Memphis area.

The exact number of people affected by this breach has not been publicly disclosed. However, the presence of medical record numbers, treatment information and diagnostic details suggests the exposure could touch a substantial patient population. In addition, because healthcare records often span years, both recent and long-past patients could be included.

It remains unclear whether employees or other non-patient individuals were also affected. As a result, anyone who received care from Mid-South Pulmonary & Sleep Specialists should consider themselves potentially at risk until they receive official confirmation one way or the other.

What Information Was Potentially Exposed?

The breach exposed a wide range of personally identifiable information and protected health information. This combination makes the incident particularly serious, since both financial fraud and medical fraud become possible risks.

  • First and last names
  • Home addresses
  • Dates of birth
  • Dates of service
  • Driver’s license or state ID numbers
  • Financial account information
  • Health insurance information
  • Medical diagnosis information
  • Medical history
  • Medical provider names
  • Medical record numbers
  • Medical treatment information
  • Medicare/Medicaid numbers
  • Mental or physical condition information
  • Other patient identifiers
  • Patient account numbers
  • Prescription information
  • Social Security numbers

Because Social Security numbers and driver’s license numbers were exposed, affected individuals face a heightened risk of identity theft. Criminals could use this data to open new credit accounts, file fraudulent tax returns or apply for loans in someone else’s name. This type of fraud can take months to detect and even longer to fully resolve.

In addition, the exposure of medical records and health insurance information raises the risk of medical identity theft. For example, someone could use stolen health insurance details to obtain treatment or prescriptions under another person’s identity. This can lead to inaccurate medical records, which in turn can affect future care and insurance claims.

What is the company doing?

After detecting the unauthorized activity, Mid-South Pulmonary & Sleep Specialists engaged third-party forensic experts to investigate the incident. This step allowed the company to determine what data was accessed and confirm the scope of the exposure. Because ransomware groups often threaten to leak stolen data, forensic review also helps organizations understand what information may already be circulating.

In response to the breach, the company posted a notice on its website and began notifying potentially affected patients by U.S. mail. It also established a dedicated toll-free call center to answer questions and address concerns. The call center operates from 8 a.m. to 8 p.m. Eastern time, Monday through Friday, excluding holidays. Individuals can also reach the company by email or by writing to its Memphis office.

Going forward, affected patients are encouraged to contact the practice directly if they believe they may have been impacted. This ongoing outreach suggests the company is still working through the notification process for some individuals.

What Should Affected Individuals Do?

Monitor Your Credit Reports

Anyone affected by the Mid-South Pulmonary data breach should regularly check their credit reports for suspicious activity. Because Social Security numbers were exposed, new account fraud is a real possibility. Reviewing your reports from all three major credit bureaus can help you catch problems early.

You can request free copies of your credit report through AnnualCreditReport.com. In addition, consider spacing out your requests throughout the year so you have ongoing visibility into your credit file. If you notice unfamiliar accounts or inquiries, report them to the credit bureau immediately.

Consider a Fraud Alert or Credit Freeze

Given the exposure of Social Security numbers, driver’s license numbers and financial account information, placing a fraud alert or credit freeze is a strong protective step. A fraud alert requires creditors to verify your identity before opening new accounts in your name. A credit freeze goes further by restricting access to your credit file entirely.

To set up either protection, contact one of the three major credit bureaus, since a fraud alert placed with one bureau typically notifies the others. Because a credit freeze can be lifted temporarily when needed, it does not have to interfere with legitimate credit applications. As a result, many security experts recommend a freeze for anyone whose Social Security number has been exposed.

Protect Against Medical Identity Theft

Because medical records, health insurance information and Medicare/Medicaid numbers were involved, affected individuals should watch for signs of medical identity theft. This can include unfamiliar charges on insurance statements or medical bills for services you never received. Reviewing your explanation of benefits statements closely is a good first step.

If you spot anything unusual, contact your health insurance provider right away. In addition, request a copy of your medical records to check for errors that could result from fraudulent treatment under your name. Correcting these errors promptly can help prevent complications with future medical care.

Stay Alert for Phishing Attempts

Following a healthcare data breach, scammers often use stolen information to craft convincing phishing emails, texts or phone calls. These messages may reference your real medical provider or personal details to appear legitimate. Because of this, it’s important to treat unexpected communications with caution, especially those requesting personal or financial information.

Never click on links or provide sensitive details in response to unsolicited messages. Instead, verify any request by contacting the organization directly using a known phone number or website. If something feels off, it’s always safer to double-check before responding.

Consult a Data Breach Attorney

If you received a notification letter about this incident, you may want to speak with a data breach attorney about your options. An attorney can help you understand whether you qualify for compensation and what steps to take next. Many offer free case evaluations, so there’s little downside to asking questions.

Because deadlines for legal claims can vary by state, it’s wise to act sooner rather than later. In addition, an attorney can help you determine whether identity theft or fraud you experience is connected to this specific breach.



More Information

Official Source

Official Source

Related Data Breaches