Passaic Hospitalist Services Data Breach Impacts Patient Data

Passaic Hospitalist Services LLC, a New Jersey-based medical group specializing in inpatient hospital care, experienced a major data breach. The cyberattack was first detected on May 22, 2025, when ApolloMD Business Services LLC, an affiliated business associate providing administrative services, noticed unusual activity within its IT environment.

An investigation determined that an unauthorized actor had gained access to ApolloMD’s systems between May 22 and May 23, 2025. The Qilin ransomware group claimed responsibility for the attack, which involved the theft of files containing both personally identifiable information (PII) and protected health information (PHI). This combination of hacked data increases the risk of identity theft and medical fraud for patients.

The files contained information for patients treated by ApolloMD’s affiliated physicians and practices, including Passaic Hospitalist Services. Exposed information included names, dates of birth, Social Security numbers, addresses, diagnosis information, provider names, dates of service, treatment information, and health insurance information.

On Sept. 17, 2025, notification letters began going out to patients whose information may have been involved in the incident. According to the official notice of data security incident, the breach affected multiple affiliated physician groups, not just Passaic Hospitalist Services.

Passaic Hospitalist Services' response

Upon discovering the breach, ApolloMD acted to secure their systems and notified law enforcement. The company is offering free credit monitoring to patients whose Social Security numbers may have been exposed in the data breach.

If you receive a data breach notice from ApolloMD, Passaic Hospitalist Services or a hospital you received treatment at, you may want to:

• Sign up for the free credit monitoring services, if offered.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

The healthcare organization has also set up dedicated toll-free incident response line has been set up at 833-397-6797, available Monday through Friday from 8 a.m. to 8 p.m. Eastern time.