Mid-South Pulmonary Data Breach Exposes PHI and PII

Published
July 8, 2026
Updated
July 8, 2026
Mid-South Pulmonary Data Breach Exposes PHI and PII
Mid-south Pulmonary & Sleep Specialists
Affected by the data breach? You may be entitled to compensation. Submit a claim today.

Mid-South Pulmonary & Sleep Specialists P.C., a Memphis-based pulmonary, critical care and sleep medicine practice, disclosed a data breach involving unauthorized access to patient information stored in its computer systems.

On Nov. 2, 2025, the company detected unauthorized activity within its network, leading to an investigation with the help of third-party forensic experts. The investigation confirmed that protected health information may have been accessed without authorization in connection with the incident.

A ransomware group known as Anubis claimed responsibility for the attack. On Nov. 28, 2025, the group posted on the dark web via the Tor network that it had obtained the organization's internal data. The group claimed to possess names, dates of birth, addresses, phone numbers, Social Security numbers, medical records and diagnostic details.

The company's review of the affected fils confirmed that the breach exposed both personally identifiable information and protected health information including first and last names, addresses, dates of birth, dates of service, driver's license or state ID numbers, financial account information, health insurance information, medical diagnosis information, medical history, medical provider names, medical record numbers, medical treatment information, Medicare/Medicaid numbers, mental or physical condition information, other patient identifiers, patient account numbers, prescription information and Social Security numbers.

The company posted a notice about the incident on its website on June 22, 2026, and began notifying potentially affected patients by U.S. mail.

Mid-South Pulmonary & Sleep Specialists' response to the breach

Mid-South Pulmonary & Sleep Specialists has established a dedicated toll-free call center at 833-925-1493 to answer questions and address concerns about the incident. The call center is available from 8 a.m. to 8 p.m. Eastern time, Monday through Friday, excluding holidays.

Individuals may also contact the company by email at cyberincident@mspulmonary.com or by writing to 5050 Poplar Ave., Suite 800, Memphis, TN 38157. Those who believe they may have been affected are encouraged to reach out for more information.

SUBMIT YOUR CLAIM TO THE LAW FIRM HANDLING THIS INVESTIGATION

Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info
  • Affected information types not yet disclosed

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Consumers Notification date
Date of Breach
Breach Discovered Date
November 2, 2025
Total People Affected
Information Types Exposed
  • First and last name
  • Address
  • Date of birth
  • Date of service
  • Driver’s license or state ID number
  • Financial account information
  • Health insurance information
  • Medical diagnosis information
  • Medical history
  • Medical provider
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image