SomnoSleep Data Breach Exposes Sensitive Patient Info

On July 29, 2025, SomnoSleep Consultants, LLC, a medical practice specializing in ENT and sleep medicine in Northern Virginia, was impacted by a data breach involving its third-party billing vendor, Avosina Healthcare Solutions. The information exposed included personally identifiable information (PII) and protected health information (PHI).

This breach was the result of a ransomware attack, reportedly carried out by the Qilin group, which compromised parts of Avosina’s computer system. Although Avosina was able to restore its services from backups, an investigation determined that an unknown threat actor had accessed certain document files and applications.

SomnoSleep Consultants was notified of the incident on Sept. 29, 2025, and received further information on Nov. 17, 2025, identifying that a limited number of their patients were affected. The information exposed potentially includes patient names, addresses, phone numbers, medical information, and protected health information.

The exposure of PII and PHI puts current and former patients at risk of identity theft and medical fraud.

So far, 913 individuals in the United States were impacted by this breach, according to the U.S. Department of Health and Human Services breach portal. However, the investigation is ongoing and the number of impacted individuals is subject to change. The company also posted a notice of data security incident on its website.

SomnoSleep Consultants' Response

Following the breach, Avosina worked with investigators and cybersecurity experts to determine the scope of the incident and implemented additional security measures. Avosina also notified the Federal Bureau of Investigation and reviewed internal data management protocols to strengthen future protections. Patients whose information may have been affected were notified directly in writing.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from SomnoSleep Consultants or Avosina Healthcare Solutions.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.