Security Breaches

ApolloMD’s May 2025 Ransomware Attack Affected 626,500 Patients

By Daniel Lopez

ApolloMD sent confirmation to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) that the May 2025 ransomware attack involved unauthorized access to electronic protected health information (ePHI) and affected 626,500 patients.

ApolloMD discovered the attack on May 22, 2025, but completed the investigation and breached data analysis on February 2, 2026, after 9 months since the attack. It announced the attack earlier in September 2025 without mentioning the number of affected entities. But as a business associate to HIPAA-covered entities, ApolloMD began notifying the affected partner physicians and practices that use its services about the incident.

The Qilin ransomware group claimed that it is responsible for the attack and published five screenshots of files on its dark web leak portal on June 12, 2025. The screenshots did not include patient information, yet Qilin stated it obtained 238 GB of data.

ApolloMD reported that the the breached data included the following types of information: birth dates, addresses, diagnoses, names of providers, dates of service, treatment data, medical insurance details, and the Social Security numbers of some individuals. Patients received breach notifications on September 17, 2025.

ApolloMD published a substitute breach notice on its website on September 29, 2025. It did not mention the cause of the incident, if it’s a ransomware attack or if files were encrypted, or if a ransom was demanded. The substitute notice listed the physician and practices affected by the incident, which included

  • Broad River Physicians Group, LLC
  • Aurora Emergency Physicians, LLC
  • Passaic Hospitalist Services, LLC
  • Pensacola Hospitalist Physicians, LLC
  • Olive Branch Emergency Physicians, LLC
  • Passaic River Physicians, LLC
  • Methodist University Emergency Physicians, PLLC
  • Lorain Emergency Physicians, LLC
  • Trinity Emergency Physicians, LLC
  • Pennsylvania Hospitalist Group, LLC.
  • The Bortolazzo Group, LLC

As an active ransomware group in the past four or five months from August 2025, the Qilin group had more than double the number of victims of the top two most active ransomware groups. The exact details are not certain since ransomware groups often make up claims posted on their data leak sites.

Image credit: InfiniteFlow, Adobestock / logo©ApolloMD

Twitter Facebook LinkedIn Reddit Link copied to clipboard

Posted by

Daniel Lopez

Daniel Lopez is the HIPAA trainer behind HIPAA Coach and the HIPAA subject matter expert for NetSec.news. Daniel has over 10 years experience as a HIPAA coach. Daniel provides his HIPAA expertise on several publications including Healthcare IT Journal and The HIPAA Guide. Daniel has studied Health Information Management before focusing his career on HIPAA compliance and protecting patient privacy. You can follow Daniel on Twitter / X https://twitter.com/DanielLHIPAA

Related News

HHS-OIG Gives Recommendations to address Web Application Security issues

Granite Wellness Centers Pays $725,000 to Settle Data Breach Litigation