In a concerning trend for healthcare security, two healthcare providers have publicly revealed data breaches that have compromised sensitive patient information. All About Women’s Care, a practice specializing in obstetrics and gynecology located in Englewood, Colorado, confirmed that unauthorized access was gained to its network when an individual exploited stolen employee VPN credentials. This breach affected approximately 12,000 patients. Similarly, Mid-South Pulmonary Sleep Specialists, a pulmonary and sleep medicine provider based in Memphis, Tennessee, identified unusual activity on its network in November 2025, which led to unauthorized access and potential data theft attributed to the Anubis ransomware group.
The breach at All About Women’s Care was brought to light when suspicious activities were detected involving an employee’s VPN account. Subsequent investigations conducted by third-party cybersecurity experts corroborated that an attacker had indeed acquired valid credentials. This access allowed the individual to infiltrate the network environment, prompting a comprehensive review of compromised files which concluded on June 5, 2026. The analysis revealed the extent of the breach and indicated that various critical patient data was illicitly acquired.
The case in Tennessee unfolded differently. On November 2, 2025, Mid-South Pulmonary Sleep Specialists reported unusual network activity, which led to immediate precautionary measures being taken. The practice swiftly secured its systems with the help of cybersecurity professionals, recognizing the severity of the situation. Despite the intervention, sensitive data was potentially compromised, leading to rising fears among the affected patients.
Both incidents underscore the critical nature of the compromised health data, which included not only personal identifiers such as names, dates of birth, and Social Security numbers but also extensive medical information. All About Women’s Care disclosed that the stolen data encompassed clinical treatment records, lab results, prescription details, ultrasound images, and health insurance data, putting those patients at risk for identity theft and fraud. Mid-South Pulmonary Sleep Specialists also acknowledged the serious nature of their breach, indicating that the exposed data may have variably included names, addresses, Medicare and Medicaid numbers, financial information, and medical diagnoses. The Anubis ransomware group subsequently claimed responsibility for the attack, marking another example of the dangers posed by cybercriminals in the healthcare sector.
The magnitude and nature of these breaches reflect broader vulnerabilities in healthcare IT security frameworks, highlighting the ever-present threats posed by credential theft and ransomware attacks. All About Women’s Care has moved to report this significant incident to the Department of Health and Human Services Office for Civil Rights, confirming the number of affected patients at around 12,000. In contrast, despite the completion of their data review on May 18, 2026, Mid-South Pulmonary Sleep Specialists has not yet disclosed the total number of patients impacted nor has the incident made an entry into the HHS breach portal.
In the wake of these breaches, both healthcare providers are taking substantial steps to remediate the situation. All About Women’s Care is actively collaborating with cybersecurity professionals to bolster its security measures, while also reviewing and updating its data privacy and security policies. Mid-South Pulmonary Sleep Specialists has fulfilled its obligation to report the incident to regulatory authorities. Patients affected by these breaches have been urged to stay vigilant, closely monitor their financial accounts for any suspicious activity, and consider enrolling in credit monitoring services to mitigate the potential fallout from these significant breaches. They are also warned about the increased risks of identity theft or fraudulent activities involving their compromised medical and financial records.
The implications of these data breaches extend beyond immediate security concerns; they raise questions about the robust action that healthcare organizations must take to protect sensitive information. As the industry grapples with the growing threat landscape, a renewed focus on cybersecurity measures and patient welfare will be paramount in fostering trust within the healthcare ecosystem. The incidents serve as a stark reminder of the vulnerability of healthcare systems and the potential consequences of inadequate security protocols.
For further details, one can refer to the source: HIPA Journal.
