.png)
Methodist University Data Breach Affects Patient PII & PHI
Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info
Methodist University Emergency Physicians, PLLC, an emergency medicine group based in Memphis, Tenn., experienced a cyberattack. On May 22, 2025, ApolloMD Business Services, a company providing administrative services to the medical group, discovered suspicious activity in its IT environment. An investigation determined that an unauthorized actor compromised patient files between May 22 and May 23, 2025.
Exposed information included names, dates of birth, Social Security numbers, addresses, diagnosis information, provider names, dates of service, treatment information and health insurance information. This combination of PII and PHI increases the risk of identity theft and medical fraud.
The data breach involved patients who received care from Methodist University Emergency Physicians and other medical practices affiliated with ApolloMD. The company began notifying impacted individuals on Sept. 17, 2025.
ApolloMD also published a Notice of Data Security Incident on its website. The data breach is believed to involve several thousand patients.
Methodist University Emergency Physicians' response
In response to the breach, ApolloMD notified law enforcement and implemented enhanced security protocols. The company is also offering free credit monitoring services to impacted patients whose Social Security numbers were compromised.
If you receive a data breach notice from ApolloMD, Methodist University Emergency Physicians or a hospital you received treatment at, you may want to:
- Sign up for the free credit monitoring services, if offered.
- Monitor your credit reports and financial accounts for any unusual activity.
- Be alert for phishing emails or phone calls that may use your exposed information.
- Consider placing a fraud alert or credit freeze with major credit bureaus.
ApolloMD has also established an incident response line to answer questions, or for individuals that believe they may have been involved in the data breach, at 833-397-6797, Monday through Friday, between 8 a.m. and 8 p.m. Eastern Time.
Protect Your Data
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.
Data Breach Settlements
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
.webp)
What to Read Next
Subscribe to our weekly class actions newsletter.
.svg)