ApolloMD data breach impacts 626,540 people

AndyC 13 February 2026

ApolloMD data breach impacts 626,540 people

Pierluigi Paganini

ApolloMD data breach impacts 626,540 people

ApolloMD data breach impacts 626,540 people

ApolloMD data breach impacts 626,540 people

Pierluigi Paganini
February 12, 2026

A May 2025 cyberattack on ApolloMD exposed the personal data of over 626,000 patients linked to affiliated physicians and practices.

ApolloMD is a US-based healthcare services company that partners with hospitals, health systems, and physician practices. It provides practice management, staffing, revenue cycle, and administrative support services. The company works with affiliated physicians across specialties such as emergency medicine, hospital medicine, anesthesia, and radiology, helping providers manage clinical and operational functions.

ApolloMD disclosed a data breach after a May 2025 cyberattack. The security breach compromised the personal information of more than 626,000 individuals, impacting patients of affiliated physicians and medical practices served by the healthcare management provider.

According to data published by the US Department of Health and Human Services, the exact number of impacted people is 626,540.

Hackers accessed and stole sensitive data, prompting the company to notify impacted individuals.

The company detected unusual activity on May 22, 2025, and launched an investigation with the help of a forensic firm and notified law enforcement. Investigators found that an unauthorized party gained unauthorized access to its IT systems between May 22 and 23, including patient files. The exposed data varies by individual and includes names, birth dates, addresses, diagnoses, treatment details, insurance data, and in some cases Social Security numbers.

ApolloMD notified managed physician practices between July and September 2025.

“Our investigation determined that an unauthorized party accessed ApolloMD’s IT environment between May 22, 2025 and May 23, 2025. While in the IT environment, the unauthorized party may have accessed and/or acquired files that contain information for patients treated by ApolloMD’s affiliated physicians and practices. The information involved varied by patient and includes names in combination with one or more of the following: dates of birth, addresses, diagnosis information, provider names, dates of service, treatment information, and/or health insurance information. For some individuals, the incident may have also involved their Social Security numbers.” reads the notice of security breach published by the company. “On September 17, 2025, notification letters began being mailed to patients whose information may have been involved in the incident.”

ApolloMD did not publish technical details about the incident, however, the Qilin ransomware group claimed the data breach in June 2025.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , , , , , ,

More Stories

LummaStealer activity spikes post-law enforcement disruption

LummaStealer activity spikes post-law enforcement disruption

AndyC 13 February 2026
Polish hacker charged seven years after massive Morele.net data breach

Apple fixed first actively exploited zero-day in 2026

AndyC 13 February 2026
Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass

Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass

AndyC 12 February 2026
Volvo Group hit in massive Conduent data breach

Volvo Group hit in massive Conduent data breach

AndyC 12 February 2026
Smashing Security podcast #454: AI was not plotting humanity’s demise. Humans were

Smashing Security podcast #454: AI was not plotting humanity’s demise. Humans were

AndyC 12 February 2026
Reynolds ransomware uses BYOVD to disable security before encryption

Reynolds ransomware uses BYOVD to disable security before encryption

AndyC 12 February 2026

You may have missed

ApolloMD data breach impacts 626,540 people

ApolloMD data breach impacts 626,540 people

AndyC 13 February 2026
LummaStealer activity spikes post-law enforcement disruption

LummaStealer activity spikes post-law enforcement disruption

AndyC 13 February 2026
IDC Market Note: Surging Demand for EU Data Sovereignty Drives New Cybersecurity-Cloud Partnership

IDC Market Note: Surging Demand for EU Data Sovereignty Drives New Cybersecurity-Cloud Partnership

AndyC 13 February 2026
Constella Intelligence Unveils 2026 Identity Breach Report: The Industrialization of Identity

NDSS 2025 – Revisiting Concept Drift In Windows Malware Detection

AndyC 13 February 2026
Constella Intelligence Unveils 2026 Identity Breach Report: The Industrialization of Identity

42,900 OpenClaw Exposed Control Panels and Why You Should Care

AndyC 13 February 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.