Bortolazzo Group Data Breach Affects Multiple Patients

The Bortolazzo Group, LLC, a Georgia-based medical practice specializing in emergency medicine and pediatrics, experienced a data breach. The cyberattack occurred when an unauthorized actor gained access to the IT network of ApolloMD Business Services LLC, a third-party billing services provider affiliated with The Bortolazzo Group and several other medical groups.

The incident was first discovered on May 22, 2025, after unusual activity was observed in ApolloMD’s internal systems. An investigation revealed that the breach occurred between May 22 and May 23, 2025, when files containing sensitive patient information were potentially accessed.

The total number of affected individuals has not been released but is believed to include thousands of patients from multiple physician practices. Compromised information included names, Social Security numbers, dates of birth, addresses, diagnosis information, provider names, dates of service, treatment information and health insurance information.

ApolloMD published a Notice of Data Security Incident on its website, listing the medical groups involved in the cybersecurity incident. The company began notifying impacted individuals by mail on Sept. 17, 2025.

The Bortolazzo Group's response

Upon discovering the breach, The Bortolazzo Group, through its partner ApolloMD, secured affected systems and notified law enforcement. Patients whose Social Security numbers were compromised are being offered free credit monitoring services.

If you receive a data breach notice from ApolloMD, The Bortolazzo Group or a hospital you received treatment at, you may want to:

• Sign up for the free credit monitoring services, if offered.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

ApolloMD has also set up dedicated, toll-free incident response line (833-397-6797) is available Monday through Friday, 8 a.m. to 8 p.m. Eastern Time, to answer questions and provide support to individuals that believe they may be involved in the data breach.