Pennsylvania Hospitalist Group patients impacted by ApolloMD cybersecurity breach

Pennsylvania Hospitalist Group, LLC, a medical practice specializing in emergency medicine, has confirmed that patient data was exposed in a cybersecurity incident tied to its billing services provider, ApolloMD Business Services. The breach was discovered on May 22, 2025, after ApolloMD identified unusual activity in its computer systems, later linked to the Qilin ransomware group.

An investigation determined that an unauthorized actor accessed ApolloMD’s IT environment between May 22 and May 23, 2025. Files containing sensitive patient data were potentially viewed or stolen, affecting thousands of individuals across multiple physician practices affiliated with ApolloMD. Compromised information included names, Social Security numbers, dates of birth, addresses, diagnoses, provider names, treatment details, dates of service and health insurance information.

ApolloMD, which provides billing and business support services for hospitals and physician groups, secured its systems after the attack, engaged law enforcement and hired a third-party forensic team to assist with the investigation. The company began mailing notification letters to affected patients on September 17, 2025, and published a Notice of Data Security Incident on its website.

Patients whose Social Security numbers were involved are being offered free credit monitoring services. ApolloMD also established a dedicated toll-free incident response line at 833-397-6797, available weekdays from 8 a.m. to 8 p.m. Eastern Time, to assist individuals who may have been impacted.

The total number of affected patients has not been disclosed, though officials believe it includes individuals from Pennsylvania Hospitalist Group and other affiliated practices. The company urged patients to carefully monitor statements from their healthcare providers and insurance plans, and to immediately report any unauthorized services.

Security experts caution that individuals receiving breach notifications should remain vigilant for suspicious activity. Recommended steps include signing up for credit monitoring if offered, reviewing financial accounts and credit reports for unusual activity, being alert to phishing attempts and considering placing a fraud alert or credit freeze with major credit bureaus.

ApolloMD said it has implemented enhanced security protocols and additional safeguards to prevent similar incidents in the future.