MedPeds Associates of Sarasota Hit by Ransomware Attack, Exposing Data of Over 21,000 Patients
On September 2, 2025, MedPeds Associates of Sarasota, a Florida-based medical practice specializing in preventive care and chronic disease management, detected a ransomware attack on its computer systems. The BEAST ransomware group later claimed responsibility, asserting they encrypted the organization’s data and exfiltrated 400 GB of sensitive information, which was posted on the dark web on September 16, 2025.
The breach was officially reported to the Maine Attorney General’s office on March 16, 2026, with written notifications sent to affected individuals the same day. A total of 21,430 people across the U.S. were impacted, including 15 residents of Maine.
Exposed data includes:
- Names
- Dates of birth
- Home addresses
- Phone numbers
- Patient medical records
While the BEAST group claimed to have stolen Social Security numbers, this has not been confirmed in public disclosures. The law firm Shamis & Gentile P.A. is investigating the incident on behalf of affected individuals, who may be eligible for compensation.
MedPeds Associates, operating since 2000, offers in-person and telehealth services, including a patient portal for virtual visits and billing. The practice is headquartered at 1931 S. Tuttle Ave., Sarasota, FL 34239.
Source: https://www.claimdepot.com/investigations/medpeds-associates-data-breach-2026
MedPeds cybersecurity rating report: https://www.rankiteo.com/company/medpeds
"id": "MED1773772525",
"linkid": "medpeds",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '21,430',
'industry': 'Healthcare',
'location': 'Sarasota, Florida, USA',
'name': 'MedPeds Associates of Sarasota',
'type': 'Medical Practice'}],
'customer_advisories': 'Written notifications sent to affected individuals on '
'March 16, 2026',
'data_breach': {'data_encryption': 'Yes (by ransomware)',
'data_exfiltration': 'Yes (400 GB of data posted on the dark '
'web)',
'number_of_records_exposed': '21,430',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (PII and medical records)',
'type_of_data_compromised': ['Names',
'Dates of birth',
'Home addresses',
'Phone numbers',
'Patient medical records',
'Social Security numbers '
'(unconfirmed)']},
'date_detected': '2025-09-02',
'date_publicly_disclosed': '2026-03-16',
'description': 'On September 2, 2025, MedPeds Associates of Sarasota, a '
'Florida-based medical practice specializing in preventive '
'care and chronic disease management, detected a ransomware '
'attack on its computer systems. The BEAST ransomware group '
'later claimed responsibility, asserting they encrypted the '
'organization’s data and exfiltrated 400 GB of sensitive '
'information, which was posted on the dark web on September '
'16, 2025. The breach was officially reported to the Maine '
'Attorney General’s office on March 16, 2026, with written '
'notifications sent to affected individuals the same day. A '
'total of 21,430 people across the U.S. were impacted, '
'including 15 residents of Maine. Exposed data includes names, '
'dates of birth, home addresses, phone numbers, and patient '
'medical records. The BEAST group claimed to have stolen '
'Social Security numbers, but this has not been confirmed in '
'public disclosures.',
'impact': {'data_compromised': '400 GB of sensitive information',
'identity_theft_risk': 'High (due to potential exposure of PII and '
'medical records)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (400 GB of data '
'posted)'},
'investigation_status': 'Ongoing (law firm investigation)',
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes (400 GB of data)',
'ransomware_strain': 'BEAST'},
'references': [{'source': 'Maine Attorney General’s office'}],
'regulatory_compliance': {'legal_actions': 'Investigation by Shamis & Gentile '
'P.A. for potential compensation',
'regulations_violated': ['HIPAA (likely)'],
'regulatory_notifications': 'Reported to Maine '
'Attorney General’s '
'office on March 16, '
'2026'},
'response': {'communication_strategy': 'Written notifications sent to '
'affected individuals on March 16, '
'2026',
'third_party_assistance': 'Shamis & Gentile P.A. (law firm '
'investigating the incident)'},
'threat_actor': 'BEAST ransomware group',
'title': 'MedPeds Associates of Sarasota Hit by Ransomware Attack, Exposing '
'Data of Over 21,000 Patients',
'type': 'Ransomware'}