FLASS Ransomware Attack: 10,000 Patients Hit by RHYSIDA Hackers
Florida Lung, Asthma & Sleep Specialists Hit by Major Ransomware Attack
Florida Lung, Asthma & Sleep Specialists (FLASS) has become the latest healthcare provider to fall victim to a significant cyberattack, with approximately 10,000 patients potentially having their personal information compromised. The breach, perpetrated by the notorious RHYSIDA ransomware group, highlights the ongoing cybersecurity challenges facing healthcare organizations across the United States.
What Happened
On May 11, 2025, FLASS identified a data security incident that resulted in unauthorized access to their network systems. The breach affected the practice's network server, where patient records and other sensitive information were stored.
The incident became publicly known when the RHYSIDA ransomware group published details about the attack on the dark web on May 20, 2025. This timeline suggests that the attackers may have maintained access to FLASS systems for several days before the breach was discovered, potentially allowing them extended time to exfiltrate sensitive patient data.
FLASS reported the incident to the Department of Health and Human Services on July 9, 2025, as required under HIPAA breach notification rules. The practice has also begun notifying affected patients about the security incident.
Who Is Affected
Approximately 10,000 individuals across the United States have been impacted by this data breach. All affected individuals were patients of Florida Lung, Asthma & Sleep Specialists, a healthcare provider specializing in pulmonary medicine, allergy treatment, and sleep disorders.
The breach notification indicates that the unauthorized access may have involved "certain personal information" and "specific patient records," though the exact types of data compromised have not been fully detailed in the available information.
Breach Details
The RHYSIDA Ransomware Group
RHYSIDA is a well-known ransomware operation that has targeted numerous organizations across various industries, including healthcare. The group typically follows a double-extortion model, where they both encrypt victim systems and steal sensitive data before demanding payment. If victims refuse to pay, RHYSIDA often publishes the stolen information on dark web leak sites.
The fact that RHYSIDA made this breach public on May 20, 2025 – just nine days after FLASS discovered the incident – suggests the attackers moved quickly to leverage the stolen data for maximum impact.
Technical Aspects
The breach occurred on FLASS's network server, indicating that the attackers gained access to centralized systems where patient data was stored. This type of network-level compromise can be particularly devastating as it potentially gives attackers access to large volumes of patient records simultaneously.
Hacking and IT incidents like this one often begin with common attack vectors such as:
- Phishing emails targeting staff members
- Exploitation of unpatched software vulnerabilities
- Compromised credentials from previous data breaches
- Remote access vulnerabilities
What This Means for Patients
For the 10,000 affected patients, this breach represents a serious privacy violation that could have lasting consequences. While the full extent of compromised information hasn't been disclosed, healthcare data breaches typically involve:
- Names and contact information
- Social Security numbers
- Health insurance information
- Medical record numbers
- Diagnosis and treatment information
- Prescription details
The exposure of this information could lead to various risks for patients, including identity theft, insurance fraud, and privacy violations. Medical information is particularly valuable to cybercriminals as it cannot be changed like credit card numbers and often provides enough personal details for comprehensive identity theft.
Long-term Implications
Healthcare data breaches can have long-lasting effects on patients. Unlike financial information, medical records cannot be easily "canceled" or replaced. This means patients may face ongoing risks related to:
- Medical identity theft
- Insurance fraud
- Discrimination based on health conditions
- Blackmail or extortion attempts
- Targeted phishing campaigns using personal health information
How to Protect Yourself
If you are a patient of Florida Lung, Asthma & Sleep Specialists, there are several steps you should take immediately:
Immediate Actions
- Monitor your accounts: Regularly check your health insurance statements and medical records for any unauthorized activity
- Review credit reports: Obtain free credit reports from all three major bureaus and look for suspicious accounts or inquiries
- Set up fraud alerts: Contact credit bureaus to place fraud alerts on your credit files
- Watch for suspicious communications: Be wary of phone calls, emails, or letters claiming to be from healthcare providers or insurance companies
Ongoing Protection
- Consider credit freezes: A credit freeze prevents new accounts from being opened without your explicit permission
- Monitor health insurance: Review Explanation of Benefits (EOB) statements carefully for services you didn't receive
- Secure personal information: Be cautious about sharing personal or medical information over the phone or via email
- Stay informed: Follow updates from FLASS regarding the incident and any additional protective measures they implement
Documentation
Keep detailed records of any suspicious activity and report it immediately to the appropriate authorities, including:
- Your healthcare providers
- Health insurance companies
- Credit bureaus
- Law enforcement if necessary
Prevention Lessons for Healthcare Providers
The FLASS incident serves as another stark reminder of the cybersecurity challenges facing healthcare organizations. Ransomware groups like RHYSIDA specifically target healthcare providers because they often have valuable data and may be more likely to pay ransoms due to the critical nature of their services.
Key Security Measures
Healthcare providers should implement comprehensive cybersecurity strategies including:
- Regular security assessments: Conduct frequent vulnerability scans and penetration testing
- Employee training: Provide ongoing cybersecurity awareness training, particularly focused on phishing recognition
- Network segmentation: Isolate critical systems to limit the spread of potential breaches
- Backup systems: Maintain secure, regularly tested backup systems that are isolated from main networks
- Incident response planning: Develop and regularly test comprehensive incident response procedures
- Access controls: Implement strong authentication measures and limit access to sensitive data
Compliance Considerations
This breach also highlights the importance of HIPAA compliance in cybersecurity planning. Healthcare providers must ensure their security measures meet HIPAA requirements while also addressing evolving cyber threats.
The timeline between the initial breach discovery (May 11) and the HHS notification (July 9) appears to comply with HIPAA's 60-day reporting requirement, but the rapid publication on the dark web (May 20) demonstrates how quickly these incidents can escalate.
Conclusion
The Florida Lung, Asthma & Sleep Specialists ransomware attack represents another significant healthcare data breach that underscores the persistent and evolving cybersecurity threats facing the healthcare industry. With 10,000 patients affected and the involvement of the sophisticated RHYSIDA ransomware group, this incident serves as a critical reminder of the importance of robust cybersecurity measures and comprehensive incident response planning.
For affected patients, vigilance and proactive protective measures are essential. For healthcare providers, this breach highlights the need for continuous investment in cybersecurity infrastructure, employee training, and incident response capabilities.
As cyber threats continue to evolve, healthcare organizations must remain vigilant and proactive in protecting patient data. The cost of prevention is invariably less than the cost of a breach – both in financial terms and in the trust of the patients they serve.