Avosina Healthcare Solutions, a physician-owned revenue cycle management and healthcare IT services provider, suffered a significant data breach in July 2025. An unknown threat actor, later identified as the ransomware group Qilin, compromised parts of their system, exfiltrating document files and applications tied to SomnoSleep Consultants, LLC a third-party client. The breach exposed sensitive personally identifiable information (PII), including patient names, addresses, medical records, and health insurance details. Qilin claimed responsibility and leaked details on the dark web in August 2025, while Avosina notified affected parties in September and November 2025. The incident posed risks of identity theft, financial fraud, and unauthorized access to protected health information (PHI), prompting legal investigations for potential compensation claims. Patients were advised to monitor accounts, enroll in identity theft protection, and seek legal recourse for damages, including emotional distress and out-of-pocket expenses.
Source: https://www.claimdepot.com/investigations/avosina-data-breach-2025
TPRM report: https://www.rankiteo.com/company/avosina-healthcare-solutions
"id": "avo5620956112525",
"linkid": "avosina-healthcare-solutions",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Healthcare',
'name': 'Avosina Healthcare Solutions',
'type': 'Healthcare IT Services Provider'},
{'customers_affected': 'Patients (number unspecified)',
'industry': 'Healthcare',
'name': 'SomnoSleep Consultants, LLC',
'type': 'Client (Third-Party Billing)'}],
'customer_advisories': ['Monitor accounts for unauthorized activity',
'Consider fraud alerts/credit freezes',
'Legal options available for compensation'],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['Document files'],
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII and protected health '
'information)',
'type_of_data_compromised': ['Patient names',
'Addresses',
'Medical information',
'Health insurance information']},
'date_detected': '2025-07-29',
'date_publicly_disclosed': '2025-09-29',
'description': 'Avosina Healthcare Solutions, a physician-owned revenue cycle '
'management and healthcare IT services provider, experienced a '
'significant data breach in July 2025. An unknown threat actor '
'compromised parts of their computer system, exfiltrating '
'document files and applications belonging to SomnoSleep '
'Consultants, a third-party client. The ransomware group Qilin '
'claimed responsibility and posted details on the dark web. '
'Sensitive personally identifiable information (PII), '
'including patient names, addresses, medical records, and '
'health insurance details, was exposed. Affected individuals '
'may be eligible for compensation and are advised to monitor '
'accounts, place fraud alerts, and seek legal assistance.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive healthcare data',
'data_compromised': True,
'identity_theft_risk': 'High (PII exposed)',
'legal_liabilities': 'Potential lawsuits for compensation (e.g., '
'reimbursement, emotional distress)',
'operational_impact': 'Services restored using backups; '
'investigation ongoing',
'systems_affected': ['Document files',
'Applications (SomnoSleep Consultants)']},
'initial_access_broker': {'data_sold_on_dark_web': True,
'high_value_targets': ["SomnoSleep Consultants' "
'customer data']},
'investigation_status': 'Ongoing (as of November 2025)',
'motivation': ['Financial Gain', 'Data Theft'],
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Qilin'},
'recommendations': ['Sign up for free identity theft protection services (if '
'offered)',
'Monitor financial accounts for suspicious activity',
'Place fraud alerts with credit bureaus',
'Request free annual credit reports',
'Seek legal help for compensation (e.g., out-of-pocket '
'expenses, emotional distress)'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'}],
'regulatory_compliance': {'legal_actions': 'Potential class-action lawsuits '
'(led by Shamis & Gentile P.A.)'},
'response': {'communication_strategy': ['Notified SomnoSleep Consultants '
'(2025-09-29)',
'Provided additional information '
'(2025-11-17)',
'Notified impacted patients by mail'],
'containment_measures': ['Restored services using backups'],
'incident_response_plan_activated': True},
'stakeholder_advisories': ['Notification to SomnoSleep Consultants '
'(2025-09-29)',
'Patient mail notifications'],
'threat_actor': 'Qilin (Ransomware Group)',
'title': 'Avosina Healthcare Solutions Data Breach (July 2025)',
'type': ['Data Breach', 'Ransomware Attack']}