ApolloMD, a provider of healthcare management services, suffered a data breach in May 2025 that compromised the personal information of over 626,000 individuals. The breach highlights ongoing vulnerabilities in the healthcare sector.
Details of the Breach
The cyberattack occurred over two days, from May 22 to May 23, 2025. During this time, unauthorized access was gained to files containing personally identifiable information (PII) and protected health information (PHI) related to affiliated physicians and their practices. The breach included sensitive data such as names, addresses, and dates of birth, along with medical and insurance details.
ApolloMD disclosed that, in some cases, Social Security numbers were also exposed. This information was revealed in a notice published on the company’s website, warning affected individuals of the potential risks associated with the breach.
Response and Notifications
By September 2025, ApolloMD had informed the affected physicians and practices about the breach. The company also began mailing notifications to the impacted individuals, offering free credit monitoring services to help mitigate potential identity theft risks.
The U.S. Department of Health and Human Services added ApolloMD to its data breaches portal, confirming that 626,540 individuals were affected by the breach. This inclusion underscores the significant impact of the incident.
Perpetrators and Company Overview
While ApolloMD has not provided specific details about the perpetrators, the Qilin ransomware group reportedly listed the company on its leak site in June 2025. This suggests a possible connection to the attack, although official confirmation is pending.
Based in Atlanta, Georgia, ApolloMD offers integrated physician and practice management services across 18 states, collaborating with over 2,500 physicians and advanced practice clinicians. The company manages more than 125 practices, which indicates the broad scope of its operations.
The breach at ApolloMD serves as a stark reminder of the critical importance of robust cybersecurity measures in safeguarding sensitive health information. As the investigation continues, affected individuals and affiliated practices remain vigilant about the potential implications of this data exposure.
