"The incident occurred between May 22 and May 23 and involved access to files containing personally identifiable information (PII) and protected health information (PHI) pertaining to affiliated physicians and practices. In an incident notice on its website, the company revealed that the hackers stole names, addresses, dates of birth, diagnostic details, provider names, dates of service, treatment information, and health insurance information."
""For some individuals, the incident may have also involved their Social Security numbers," ApolloMD's notice reads ( PDF). By September 2025, the company had notified the affiliated physicians and practices of the incident and had started mailing notification letters to the impacted individuals, providing them with free credit monitoring services. This week, the US Department of Health and Human Services listed the firm on its data breaches portal, revealing that 626,540 individuals were impacted."
A cyberattack on ApolloMD occurred May 22–23, 2025, exposing files containing personally identifiable information (PII) and protected health information (PHI) related to affiliated physicians and practices. Stolen data included names, addresses, dates of birth, diagnostic details, provider names, dates of service, treatment information, and health insurance information. For some individuals, Social Security numbers may have been involved. By September 2025, affiliated physicians and practices were notified and impacted individuals began receiving mailed notification letters with free credit monitoring services. The US Department of Health and Human Services listed ApolloMD on its breach portal showing 626,540 affected individuals. The Qilin ransomware group added ApolloMD to its Tor-based leak site in early June 2025. ApolloMD, based in Atlanta, serves over 125 practices across 18 states and works with more than 2,500 physicians and advanced practice clinicians.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]