Florida Physician Specialists notifies HHS of breach impacting over 250k

The imaging and lab services provider is beginning to notify the public about a large breach that took place in their network.

What happened

On April 24th, 2026, Florida Physician Specialists (FPS), a network of providers for lab testing and imaging services, as well as a research provider, confirmed they had experienced a data breach. According to what was reported to the Department of Health and Human Services (HHS), FPS stated it was a hacking incident against their network that ultimately led to the data of 276,498 individuals being accessed.

Going deeper

According to a notice published to FPS’ website, their network was accessed between November 27th, 2025, and November 29th, 2025. FPS did not state when the incident was discovered, but said that they began an investigation as soon as it was.

According to their document review, which concluded on April 6th of this year, the following information may have been accessed: full names, Social Security numbers, driver’s license numbers, other government identification numbers, financial information like credit and debit cards, and medical/insurance information. Notifications began being mailed out to individuals on April 24th, the same day the HHS was notified.

What’s next

As individuals receive their data breach notices, a class action suit may form. In the meantime, FPS stated they are “committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it.” The healthcare network also stated they will be evaluating and updating their practices to prevent an incident like this from occurring again.

The big picture

Every data breach can have a lasting impact on the people and the organization that are victimized. For patients, Paubox reports have found that breaches can cause a direct threat to patient safety because they often lead to canceled appointments or diversions to other facilities, leading to backlogs in important medical tests or procedures. Outside of the healthcare implications, having information exposed can make victims vulnerable to identity theft and fraud for the rest of their lifetime; once the data is on the dark web, it’s virtually impossible to erase it. For organizations themselves, the impact is also devastating; data breaches cost, on average, $11 million, while also leading to operational challenges while the organization recovers.

FAQs

How long does it take organizations to discover they have been attacked?

Timing varies greatly. Some organizations realize they are being actively attacked and are able to secure their systems. Other organizations may be unaware for years or until a ransom is demanded, although most organizations find out within a few months. Organizations that regularly audit and monitor their network and cybersecurity systems are more likely to quickly spot and rectify an attack. While preventing an attack is always the best option, stopping an attack in its tracks can still prevent some victims from having their data stolen and can help organizations notify victims in a timely manner.

Could FPS face any other consequences for the breach?

Outside of class action suits, it’s also possible that FPS could face fines or penalties from the Office of Civil Rights, if they believe that FPS was negligent in protecting data.