All About Women’s Care in Colorado has notified 12,000 patients that their data has been compromised in a data breach, and Mid-South Pulmonary Sleep Specialists in Tennessee is assessing the impact of a November 2025 ransomware attack.
All About Women’s Care, Colorado
All About Women’s Care, an Englewood, CO-based obstetrics and gynecology practice, has identified unauthorized access to its IT environment. Suspicious activity was identified involving an employee VPN account. Third-party cybersecurity experts were engaged to investigate the activity and confirmed that an unauthorized actor obtained the credentials for the VPN account and used them to access its network environment. Files were copied in the attack, the review of which was completed on June 5, 2026.
The file review confirmed that the impacted data included names, dates of birth, Social Security numbers, driver’s license numbers, other ID numbers, clinical/treatment information, lab results, prescription information, provider information, medical documents, ultrasound images, copies of identification documents (such as passports), and health insurance information.
The practice is working with cybersecurity professionals to enhance security and prevent similar incidents in the future, and policies and procedures related to data privacy and security are being reviewed. The data breach was recently reported to the HHS’ Office for Civil Rights as affecting up to 12,000 patients.
Mid-South Pulmonary Sleep Specialists, Tennessee
Mid-South Pulmonary Sleep Specialists, a Memphis, Tennessee-based pulmonary and sleep medicine practice, has started notifying certain patients about a cybersecurity incident that exposed their personal and protected health information.
Suspicious activity was identified within its computer network on November 2, 2025. The network was secured, and assisted by third-party cybersecurity experts, the practice confirmed unauthorized network access and the exposure and potential theft of patient data. The data review was completed on May 18, 2026, and revealed that a wide range of data was exposed in the incident. The types varied from individual to individual, and may have included names in combination with one or more of the following: address, date of birth, date of service, driver’s license or state ID number, financial account information, health insurance information, medical diagnosis information, medical history, medical provider name, medical record number, medical treatment information, Medicare/Medicaid number, mental or physical condition, other patient identifier, patient account number, prescription information, and/or Social Security number.
Regulators have been notified, but the incident is not yet shown on the HHS’ Office for Civil Rights website, so it is unclear how many individuals have been affected. The website breach notice does not state the nature of the attack, or for how long the threat actors had access to its network.
This appears to have been a ransomware attack, as the Anubis ransomware claimed responsibility and added Mid-South Pulmonary Sleep Specialists to its data leak site in late November 2025, along with samples of data allegedly stolen in the attack. Anubis claims that the data stolen includes patient information.
The post All About Women’s Care Data Breach Affects Up to 12,000 Patients appeared first on The HIPAA Journal.



