Cyber attack on Florida Physician Specialists impacted over 275,000 patients

Florida Physician Specialists has notified the Maine Attorney General’s office that a ransomware attack targeting its systems in November impacted the data of more than 275,000 patients.

 

The Jacksonville, FL-based multi-specialty private physician practice first announced the data breach in notification letters sent to affected patients on 24 April and in a data security incident notice published on its website.

 

The healthcare practice, which runs the McIver, Kasraeian and Radiation oncology divisions through eight clinics in Jacksonville, Florida, said the data security incident was discovered in late November, following which it launched an investigation with help from external cyber security experts to determine the nature and scope of the cyber attack.

 

Florida Physician Specialists said it completed its investigation into the data security incident on 6 April, and was able to confirm that threat actors had exfiltrated patients’ personal, financial and healthcare information from compromised systems.

 

The compromised information included patients’ full names, Social Security numbers, driver’s license numbers or state identification numbers, other government identification numbers, financial account information, credit or debit card information, medical information, and/or health insurance policy information.  
 
"To date, we are not aware of any reports of identity fraud or improper use of any information as a direct
result of this incident. Out of an abundance of caution, we provided written notification of this incident
commencing on or about April 24, 2026, to all those potentially impacted to the extent we had a last known
home address," the healthcare practice said.

 

Florida Physician Specialists notified the U.S. Department of Health and Human Services’ Office for Civil Rights that the data security incident compromised the information of approximately 276,498 patients.  

 

"Please accept our apologies that this incident occurred. We are committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it," the healthcare practice said. "We continually evaluate and modify our practices and internal controls to enhance the security and privacy of personal information."

 

At the time of reporting, no ransomware group has claimed responsibility for hacking into Florida Physician Specialists’ systems and exfiltrating sensitive patient information. The healthcare practice did not mention how long the threat actors accessed its systems or whether ransomware was involved.

 

The practice has urged all affected patients to enroll in complimentary credit monitoring services, monitor their credit reports for fraudulent activity, and take steps to safeguard against medical identity theft. It has also set up a dedicated hotline to respond to affected patients’ concerns related to the data breach incident.