Florida Physician Specialists Breach Exposes SSNs and Medical Data of 47 Maine Residents

Context: The practice, based in Jacksonville, Florida, detected the breach after reviewing logs and concluded its investigation on April 6, 2026. Notice was filed with the Maine Attorney General on April 25, 2026, and affected individuals were mailed notification letters on April 24, 2026.

Key Facts: Exposed data elements are full names plus one or more of: Social Security number, driver’s license number, state ID, financial account information, credit or debit card details, medical information, and health insurance policy data. The company is offering free Equifax Credit Watch Gold monitoring and has set up a toll‑free line (844-558-4678) staffed weekdays 9 a.m.-9 p.m. ET.

What It Means: For the 47 individuals, the breach raises risk of identity theft and fraudulent medical billing, prompting the need for immediate credit monitoring and vigilance over financial statements. For healthcare organizations, it underscores the sensitivity of combined personal and health data and the regulatory scrutiny that follows multi‑state disclosures.

Mitigations: Organizations should enforce multi‑factor authentication on all remote access points, patch external‑facing services promptly (refer to CISA KEV catalog for known exploited vulnerabilities), and segment networks to limit lateral movement (MITRE ATT&CK T1021). Deploying privileged‑access monitoring and detecting anomalous login patterns (MITRE ATT&CK T1078) can help catch intrusions early. Regularly test incident‑response plans and ensure breach‑notification timelines align with state laws.

What to watch next: Regulators may issue guidance on safeguarding health‑adjacent personal data, and affected individuals should monitor for any unauthorized credit inquiries or medical claims in the coming months.