Broad River Data Breach Exposes Patient Info

Broad River Physicians Group, LLC, a healthcare organization specializing in emergency medicine in South Carolina, experienced a data breach. The medical group discovered the cybersecurity incident on May 22, 2025.

An investigation determined that a unauthorized actor gained access to the IT systems at ApolloMD Business Services, an affiliated business associate providing administrative services, between May 22, 2025 and May 23, 2025. A review took place and on Sept. 11, 2025 revealed that files containing personally identifiable information (PII) and protected health information (PHI) were accessed.

Information compromised in the cyberattack included names, dates of birth, Social Security numbers, addresses, diagnosis information, provider names, dates of service, treatment information and health insurance information. The combination of PII and PHI exposure raises the potential for identity theft and insurance fraud.

Broad River Physicians Group began notifying impacted individuals by mail on Sept. 18, 2025. The total number of affected individuals has not been released, but is believed to be in the thousands.

Broad River Physicians Group's response

In response to the breach, Broad River Physicians Group initiated an internal investigation and worked to secure their systems. The organization has notified affected individuals in accordance with regulatory requirements, providing information about the types of data exposed and recommended steps to protect against misuse.

If you receive a data breach from Broad River Physicians Group or a healthcare facility you've been treated at, you may want to:

• Carefully review any notice or communication you receive from the medical group.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.