Cyber attack on ApolloMD impacted over 625,000 patients

A major cyber attack on U.S.-based healthcare company ApolloMD in May 2025 compromised detailed personal and healthcare information of more than 625,000 patients.

 

The healthcare company, headquartered in Atlanta, Georgia, partners with hospitals and health systems to provide comprehensive services designed to enhance clinical operations, improve patient care, and optimize financial performance.

 

ApolloMD said in a recent disclosure with the Office for Civil Rights of the U.S. Department of Health and Human Services that the cyber attack affected the data of approximately 626,540 individuals. The data security incident involved unauthorised third parties gaining access to the company’s network between May 22, 2025 and May 23, 2025 and exfiltrating files that contained patient data.

 

"While in the IT environment, the unauthorised party may have accessed and/or acquired files that contain information for patients treated by ApolloMD’s affiliated physicians and practices," the healthcare company said in a previously-published security incident notice. 

 

"The information involved varied by patient and includes names in combination with one or more of the following: dates of birth, addresses, diagnosis information, provider names, dates of service, treatment information, and/or health insurance information. For some individuals, the incident may have also involved their Social Security numbers."

 

"We take this incident very seriously and sincerely regret any concern this may cause. To help prevent
something like this from happening again, we have implemented enhanced security protocols and additional
security measures," the company added.

 

ApolloMD said it notified physician practices it manages about the data security incident between July 21 and September 11, 2025, and from September 17, began mailing incident notification letters to all the affected individuals.

 

According to Health Exec magazine, the data security incident at ApolloMD impacted at least eleven healthcare practices, including Passaic Hospitalist Services, Pennsylvania Hospitalist Group, Pensacola Hospitalist Physicians, Aurora Emergency Physicians, Methodist University Emergency Physicians and Trinity Emergency Physicians.