Mid South Pulmonary & Sleep Specialists Data Breach
Mid South Pulmonary & Sleep Specialists Breach (2025): Patient SSN Exposed
Pulmonary medicine and sleep disorder clinic.
Risk Interpretation
Severe risk of identity theft, medical fraud, and privacy harm. Sleep and respiratory treatment context can also support highly targeted healthcare scams.
Impact & Downstream Threats
The institutional impact on Mid-South Pulmonary is meaningful given the practice's regional scale and the size of the affected patient population. Federal HIPAA notification obligations, an Office for Civil Rights review, Tennessee attorney-general filings, and emerging class-action litigation discussions are all underway. As a regional specialty practice with hospital-affiliated intensivist responsibilities, Mid-South Pulmonary's breach response affects relationships with Methodist Healthcare,
- Identity theft and synthetic identity construction using government-issued IDs
- SIM swap attacks where phone numbers are present
Threat Vectors
Breach Intelligence
Executive Summary
Mid-South Pulmonary & Sleep Specialists, P.C., a pulmonary, critical care, and sleep medicine practice based in Memphis, Tennessee, was named on November 28, 2025 as a victim of the Anubis ransomware operation. Anubis posted the practice on its dark-web leak site, identifying the incident as a patient data breach. The breach surfaced publicly through dark-web monitoring services in mid-February 2026, with class-action investigations by U.S. plaintiff law firms organizing shortly after.
The breach affected approximately 43,000 individuals based on records indexed by breach-tracking services. Compromised fields included names, phone numbers, and Social Security numbers. As a pulmonary, sleep medicine, and critical care practice, the underlying records exfiltrated by the attackers also include patient identity, insurance, billing, sleep-study results, pulmonary-function test data, intensive-care discharge summaries, and respiratory-condition diagnoses typical of a specialty pulmonary operation, beyond the more limited field set surfaced publicly.
For affected patients, the practical risk profile combines identity-fraud exposure with respiratory-care-specific risks. The combination of name and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Inclusion in the dataset confirms a pulmonary, sleep, or critical-care relationship and may reference specific diagnoses such as sleep apnea, COPD, or pulmonary hypertension, which can support medical-themed phishing referencing real treatments or insurance claims. Patients with sleep apnea diagnoses face additional risk concerning commercial driver's license and FAA medical certification status. Patients who received intensive care services at Methodist Healthcare, Baptist East, or St. Francis hospitals through Mid-South Pulmonary intensivists may have their ICU care histories included in the affected records. Affected individuals should freeze credit at all three U.S. bureaus, monitor health-insurance statements, and treat unsolicited contact referencing Mid-South Pulmonary, related hospitals, or pulmonary care with caution.
About Mid South Pulmonary & Sleep Specialists
Mid-South Pulmonary & Sleep Specialists, P.C. is a pulmonary, critical care, and sleep medicine private practice based in Memphis, Tennessee, founded in 1989. The practice operates from a primary location at 5050 Poplar Avenue and serves patients across the Mid-South region of western Tennessee, northern Mississippi, and eastern Arkansas. Mid-South Pulmonary employs approximately seventeen board-certified physicians and ten advanced practice providers, with subspecialty focus including pulmonary medicine, sleep medicine, and critical care intensivist services. The practice's physicians serve as intensivists in the intensive care units of Methodist Healthcare hospitals, Baptist East Hospital, and St. Francis Hospital. Annual revenue is approximately $15.1 million. As a HIPAA-regulated specialty medical practice, Mid-South Pulmonary maintains substantial volumes of protected health information including patient identity, insurance, billing, appointment, diagnostic, and treatment records, alongside sleep-study results from its Methodist Healthcare-affiliated sleep disorders center and pulmonary-function test data.
Why They Hold Your Data
Pulmonary and sleep-medicine practices collect patient identity, contact, insurance, billing, appointment, and treatment records across specialty care operations.
Recent Developments
Mid-South Pulmonary & Sleep Specialists was named on November 28, 2025 as a victim of the Anubis ransomware operation, which posted the practice on its dark-web leak site identifying the breach as a patient data incident. The breach surfaced publicly through dark-web monitoring services in mid-February 2026. The practice has not publicly detailed the incident as of this writing, and U.S. plaintiff law firms began organizing class-action investigations in late February 2026. Anubis has been active in the U.S. healthcare sector throughout 2025, with confirmed victims also including AllerVie Health.
Data Points Exposed
Exposure Categories
Canonical Fields
full_name, phone_number, ssn
Dark Web Verification
- Dataset containing ~43K records identified in breach intelligence sources
- Data indexed and searchable across breach notification platforms
- Source: mid-south-pulmonary-and-sleep-specialists-2025
Recommended Actions
⚠️ Do not assume this is low sensitivity.
Protect Yourself
Check If You’re Affected
Enter your email to check if your data appears in this breach.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed.
High-Risk? Get an Exposure Audit
Full-spectrum exposure audits for executives and public figures.
ObscureIQ Advisory
We combine proprietary dark web access with commercial and restricted breach intelligence to verify exposure and assess real-world risk.
- A public-facing individual
- A high-profile executive
- A customer of Mid South Pulmonary & Sleep Specialists
- Or concerned about credential reuse
Powered by the ObscureIQ Breach Intelligence Database
© 2026 ObscureIQ · All Rights Reserved · Data Licensing
Latest from ObscureIQ
What Is Credit Monitoring? And Do I Want It? (Answer: Not Really)
Lock Down Browsers. Wipe Employee Footprints. Win Breach Wars.
Sextortion Spam