Over 626,000 individuals were impacted by a May 2025 cyberattack at healthcare physician and practice management services provider ApolloMD.
The incident occurred between May 22 and May 23 and involved access to files containing personally identifiable information (PII) and protected health information (PHI) pertaining to affiliated physicians and practices.
In an incident notice on its website, the company revealed that the hackers stole names, addresses, dates of birth, diagnostic details, provider names, dates of service, treatment information, and health insurance information.
“For some individuals, the incident may have also involved their Social Security numbers,” ApolloMD’s notice reads (PDF).
By September 2025, the company had notified the affiliated physicians and practices of the incident and had started mailing notification letters to the impacted individuals, providing them with free credit monitoring services.
This week, the US Department of Health and Human Services listed the firm on its data breaches portal, revealing that 626,540 individuals were impacted.
ApolloMD has not shared details on the threat actor responsible for the attack, but the Qilin ransomware group added the company to its Tor-based leak site in early June 2025.
Based in Atlanta, Georgia, ApolloMD provides integrated, multispecialty physician, practice, and advanced practice clinician (APC) management services to over 125 practices across 18 states. It works with more than 2,500 physicians and APCs.
Related: Crunchbase Confirms Data Breach After Hacking Claims
Related: Under Armour Looking Into Data Breach Affecting Customers’ Email Addresses
Related: 750,000 Impacted by Data Breach at Canadian Investment Watchdog
Related: Central Maine Healthcare Data Breach Impacts 145,000 Individuals
