Mid-Florida Pathology

Mid-Florida Pathology (MFP) is a United States-based provider of pathology services, operating within the medical and healthcare sector. The organization's core function involves the analysis of tissue, cell, and fluid samples to aid in disease diagnosis and patient care, serving physicians, hospitals, and other medical facilities. While its specific geographic footprint within the U.S. and the precise scale of its operations are not detailed in the available information, its inclusion among multiple U.S. medical entities in a documented cyber incident confirms its operational presence within the American healthcare system. The nature of its work inherently involves handling highly sensitive patient data, including personally identifiable information and protected health information, positioning it within a critical segment of the national health infrastructure that is frequently targeted by cyber threat actors.

The organization is notably distinguished by its experience as a victim of a sophisticated ransomware attack in late 2020. On or around November 22, 2020, MFP was compromised by the Pysa threat actor group, which deployed the Mespinoza ransomware variant. This attack resulted in both the encryption of the organization's systems and the exfiltration of sensitive data, specifically including Social Security numbers and detailed medical histories. Following the attack, the perpetrators listed MFP on a public dark web leak site as a non-paying victim, a common extortion tactic used to pressure organizations into paying ransoms to prevent data publication. A significant and distinguishing aspect of this incident, compared to some other healthcare entities targeted in the same campaign, was MFP's failure to disclose the breach to U.S. regulators or the affected patients, despite clear evidence of data exposure. This event illustrates the persistent and aggressive targeting of the medical sector by ransomware-as-a-service operations like Pysa, where the dual threat of data encryption and public data leaks is leveraged to extract financial payments, and it highlights the variable responses among victim organizations regarding regulatory and patient notification obligations. The incident serves as a documented case study in the cybersecurity challenges facing medical service providers, particularly regarding data protection, incident response transparency, and the operational tactics of modern ransomware groups.