Passaic River Physicians Data Breach Affects Patient PHI and PII

Passaic River Physicians LLC, a medical group specializing in inpatient hospital care, experienced a major data breach. The cyberattack was first detected on May 22, 2025, when ApolloMD Business Services, an affiliated company providing administrative services, noticed unusual activity within its internal computer network.

An investigation determined that a cybercriminal gained access to ApolloMD’s systems between May 22 and May 23, 2025. The Qilin ransomware group claimed responsibility for the attack, which involved the theft of files containing both personally identifiable information (PII) and protected health information (PHI).

This combination of hacked data increases the risk of identity theft and medical fraud for patients. The files contained information for patients treated by ApolloMD’s affiliated physicians and practices, including Passaic River Physicians.

Exposed information included names, dates of birth, Social Security numbers, addresses, diagnosis information, provider names, dates of service, treatment information, and health insurance information. The total number of affected patients has not been released, but is believed to be in the thousands.

On Sept. 17, 2025, notification letters began going out to patients whose information may have been involved in the incident. ApolloMD also published a notice of data security incident on its website.

Passaic River Physicians' response

Upon discovering the breach, ApolloMD and Passaic River Physicians acted to secure their systems and notified law enforcement. Free credit monitoring is being offered to patients whose Social Security numbers may have been exposed in the data breach.

If you received a data breach notice from ApolloMD, Passaic River Physicians or a hospital you received treatment at, you may want to:

• Sign up for the free credit monitoring services, if offered.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

ApolloMD has also set up dedicated toll-free incident response line has been set up at 833-397-6797, available Monday through Friday from 8 a.m. to 8 p.m. Eastern time.