Florida Lung, Asthma & Sleep Specialists, a Florida-based pulmonary and sleep-medicine practice operating five offices across the greater Orlando area, suffered a ransomware attack in May 2025 carried out by the Rhysida ransomware-as-a-service group. Rhysida claimed responsibility on May 20, 2025 by listing FLASS on its dark-web leak site and demanded a ransom of approximately six Bitcoin, worth approximately $639,000 at the time. The threat actor threatened to publish stolen patient data including Social Security numbers, medical records, and passport information. FLASS reported the breach to the FBI and to the U.S. Department of Health and Human Services on July 9, 2025.

The breach affected approximately 10,000 individuals per the formal HHS notification, with breach-tracking services indexing approximately 26,000 records that may reflect the broader stolen archive. Compromised fields included names, dates of birth, contact information, Social Security numbers, home addresses, email addresses, phone numbers, and limited medical and billing information. As a pulmonary, asthma, and sleep medicine practice, the underlying records exfiltrated by the attackers also include sleep-study results, pulmonary-function tests, respiratory diagnoses, and treatment histories typical of a specialty respiratory practice.

For affected patients, the practical risk profile combines identity-fraud exposure with respiratory-care-specific risks. The combination of name, address, and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Inclusion in the dataset confirms a pulmonary or sleep-disorder care relationship and may reference specific diagnoses such as sleep apnea, COPD, or asthma management, which can support medical-themed phishing referencing real treatments or insurance claims. Patients with sleep apnea diagnoses are a particular concern because such diagnoses can affect commercial driver's license and FAA medical certification status, raising additional employment and licensing-related risk. Affected individuals should freeze credit at all three U.S. bureaus, monitor health-insurance statements, and treat unsolicited contact referencing FLASS, sleep studies, or respiratory care with caution.

Pulmonary care providers collect patient identity, contact, insurance, billing, appointment, and treatment records across respiratory and clinical care workflows.

Florida Lung, Asthma & Sleep Specialists experienced a network intrusion in May 2025 that was first identified through dark-web monitoring on May 20, 2025 when the Rhysida ransomware-as-a-service group claimed responsibility on its dark-web leak site. Rhysida demanded a ransom of approximately six Bitcoin, worth approximately $639,000 at the time, threatening to publish stolen patient data if payment was not made. FLASS reported the breach to the FBI and to the U.S. Department of Health and Human Services on July 9, 2025, and began notifying affected patients. The practice has not extensively detailed whether it paid the ransom. Class-action investigations by U.S. plaintiff law firms began organizing in mid-2025. Rhysida has been an active threat actor in the U.S. healthcare sector throughout 2025, with confirmed victims also including Cookeville Regional Medical Center, Heart South Cardiovascular Group, MedStar Health, MACT Health Board, and Spindletop Center.