A cyberattack on the healthcare services provider ApolloMD in May 2025 resulted in the theft of personal and medical data belonging to over 626,000 patients. The breach, which was later claimed by the Qilin ransomware group, compromised sensitive information ranging from treatment records to Social Security numbers for individuals treated by ApolloMD's affiliated physicians.
ApolloMD serves as a critical infrastructure partner for various hospitals and health systems across the United States, providing essential staffing and administrative support. The company manages operational functions for a wide range of medical specialties, including radiology and emergency medicine. Because of its central role in handling patient data for numerous practices, the security incident had a widespread impact on individuals receiving care through its network of providers.
The organization first identified suspicious activity within its digital environment on May 22, 2025, prompting an immediate forensic investigation. This inquiry revealed that unauthorized actors had access to the company's IT systems for a forty-eight-hour period. During this window, the intruders acquired files containing detailed patient information, including names, residential addresses, and specific diagnostic data.
Official records from the US Department of Health and Human Services confirmed that exactly 626,540 people were affected by the data theft. While the specific data points exposed varied between individuals, the most sensitive cases involved the exposure of Social Security numbers and detailed health insurance information. Following the discovery, ApolloMD began the process of coordinating with law enforcement and identifying the specific patients whose privacy had been violated.
The communication process regarding the breach took several months, with the company informing its managed physician groups throughout the summer of 2025. Formal notification letters were eventually dispatched to the affected patients starting in mid-September. These notices outlined the nature of the unauthorized access and provided clarity on the types of information that may have been viewed or stolen by the attackers.
Although the company remained quiet regarding the specific technical vulnerabilities that allowed the intrusion, the Qilin ransomware gang publicly took credit for the heist shortly after it occurred. This incident highlights the ongoing risks faced by third-party healthcare administrators who hold massive repositories of patient data. The breach remains one of the more significant healthcare security failures of the year due to the high volume of sensitive medical and financial identifiers involved.
Source: ApolloMD Data Breach Impacts 626,540 People Nationwide


