ApolloMD Data Breach Exposes 238GB of Patient Info Including Social Security Numbers

Between May 22 and May 23, 2025, ApolloMD Business Services (“ApolloMD”) experienced a data breach that exposed sensitive information belonging to patients treated by its affiliated physicians and practices. The incident was first detected on May 22, 2025, when ApolloMD’s IT team noticed unusual activity within its network.

The breach was the result of a ransomware attack claimed by the Qilin group, who posted about the incident on a dark web forum on June 12, 2025. Qilin claimed to have stolen 238 GB of data, including documents such as a tax certificate, negotiation notice, email notice, daily reconciliation worksheet and a bank deposit slip. The attackers gained unauthorized access to ApolloMD’s IT systems, potentially accessing and acquiring files containing both personally identifiable information (PII) and protected health information (PHI).

The types of information exposed in the breach include names, dates of birth, addresses, diagnosis information, provider names, dates of service, treatment information, health insurance information and, for some individuals, Social Security numbers. This combination of PII and PHI increases the risk of identity theft and medical fraud for those affected.

The breach affected patients treated by ApolloMD’s affiliated physician practices, including but not limited to Passaic Hospitalist Services LLC, Pensacola Hospitalist Physicians LLC, Broad River Physicians Group LLC, Olive Branch Emergency Physicians LLC, Aurora Emergency Physicians LLC, Passaic River Physicians LLC, The Bortolazzo Group LLC, Methodist University Emergency Physicians PLLC, Trinity Emergency Physicians LLC, Lorain Emergency Physicians LLC and Pennsylvania Hospitalist Group LLC.

On Sept. 17, 2025, ApolloMD began mailing notification letters to patients whose information may have been involved in the incident. The company also posted a detailed notice about the breach on its website.

ApolloMD's response

After discovering the breach, ApolloMD immediately secured its systems, launched an internal investigation and engaged a third-party cybersecurity firm to assist in identifying the scope and impact of the incident. Law enforcement was also notified to support the ongoing investigation.

For those whose Social Security numbers were affected, ApolloMD is offering complimentary credit monitoring services. The company has set up a dedicated, toll-free incident response line at 833-397-6797, available Monday through Friday from 8 a.m. to 8 p.m. Eastern Time, except major U.S. holidays, to answer questions and provide support to affected individuals.

ApolloMD recommends that all patients review statements from their healthcare providers and health insurance plans. Any unfamiliar services or charges should be reported to the provider or insurer immediately. Since both PII and PHI were exposed, individuals should remain vigilant for signs of identity theft or medical fraud, such as unexpected bills or denials of insurance claims.

In response to the severity of the ransomware attack and the sensitive nature of the data involved, ApolloMD has implemented enhanced security protocols and additional technical safeguards to help prevent similar incidents in the future.