What happened
A cyberattack on the Georgia-based healthcare provider ApolloMD last year exposed sensitive information belonging to an estimated 626,540 individuals. According to a filing with the U.S. Department of Health and Human Services, attackers were present in ApolloMD's IT environment between May 22 and May 23, 2025, a window of roughly two days, during which they accessed data on people treated by affiliated physicians and practices. The compromised information included names, dates of birth, addresses, diagnoses, dates of service, treatments, health insurance details, and Social Security numbers. ApolloMD, which provides multispecialty physician services to more than 100 hospitals across 18 states, sent its initial breach notifications in September, before reporting the full number of affected individuals to federal regulators. The ransomware group Qilin claimed responsibility for the attack in June 2025; the group has repeatedly targeted healthcare organizations and has published victim data regularly over the past year.
Who is affected
Patients whose personal and health information was held by ApolloMD or its affiliated practices: an estimated 626,540 individuals whose records, including health insurance details and Social Security numbers, were accessed during the intrusion.
Why CISOs should care
Two points stand out. First, the attackers needed only about two days inside the environment to reach records for more than 600,000 people, so detection and containment have to operate on that timescale, not on the weeks a quarterly log review implies. Second, the data taken (identity, insurance and diagnosis details together with Social Security numbers) is exactly what fuels medical identity theft and insurance fraud, and a ransomware crew such as Qilin treats it as leverage, threatening publication on its leak site whether or not systems are encrypted. Healthcare providers that aggregate records from many hospitals and practices, as ApolloMD does, concentrate that risk in one environment.
3 practical actions
- Review the security posture of systems that hold protected health information (PHI). Inventory which accounts and services can query patient databases, enforce least privilege and multi-factor authentication on them, and alert on bulk or off-hours reads rather than only on logins.
- Enhance data loss detection. Baseline each host's normal outbound transfer volume and destinations, and alert when a server pushes an unusual volume to a destination it has never contacted; a two-day exfiltration of hundreds of thousands of records should not look like routine traffic.
- Strengthen incident response plans. Update playbooks for ransomware actors who steal data before (or instead of) encrypting it: include leak-site monitoring, HHS breach-reporting timelines, and coordination with the affiliated hospitals and practices whose patients' data you hold.
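To make the second action concrete, here is an added example of the kind of egress-volume baseline detection it describes. It is not ApolloMD's or Qilin's code and is not taken from the article: the log format, the hostnames DB-SRV-02 and WKS-0441, the IP addresses, the sample log lines and the thresholds (10x the host's baseline daily volume, at least 1 GB in a 24-hour window) are all constructed assumptions for illustration. It flags a host whose outbound volume over any 24-hour window far exceeds its own baseline, and reports which destinations in that window the host had never contacted before.

```python
"""Flag hosts whose outbound transfer volume spikes against their own baseline.

Hypothetical egress-log format (constructed for this example, not a real product's):
    <ISO timestamp> <src_host> <dst_ip> <bytes_out>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. DB-SRV-02 normally sends ~120 MB/day to a backup target,
# then pushes ~9 GB to a never-seen address over two days; WKS-0441 stays quiet.
SAMPLE_LOG = """\
2025-05-15T02:10:00 DB-SRV-02 203.0.113.5 120000000
2025-05-16T02:10:00 DB-SRV-02 203.0.113.5 115000000
2025-05-17T02:10:00 DB-SRV-02 203.0.113.5 130000000
2025-05-18T02:10:00 DB-SRV-02 203.0.113.5 118000000
2025-05-15T09:00:00 WKS-0441 203.0.113.5 20000000
2025-05-16T09:00:00 WKS-0441 203.0.113.5 22000000
2025-05-17T09:00:00 WKS-0441 203.0.113.5 19000000
2025-05-18T09:00:00 WKS-0441 203.0.113.5 21000000
2025-05-22T23:40:00 DB-SRV-02 198.51.100.7 4200000000
2025-05-23T01:15:00 DB-SRV-02 198.51.100.7 4900000000
2025-05-23T09:00:00 WKS-0441 203.0.113.5 23000000
"""


def parse(log_text):
    """Parse log lines into (timestamp, host, dst, bytes) tuples, oldest first."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, dst, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), host, dst, int(nbytes)))
    return sorted(events)


def daily_baseline(events, start, end):
    """Per-host mean bytes/day and the set of destinations seen in [start, end)."""
    totals = defaultdict(int)
    seen = defaultdict(set)
    for ts, host, dst, n in events:
        if start <= ts < end:
            totals[host] += n
            seen[host].add(dst)
    days = max((end - start).days, 1)
    return {h: totals[h] / days for h in totals}, seen


def find_exfil(events, baseline_start, baseline_end,
               window=timedelta(hours=24), factor=10.0, min_bytes=1_000_000_000):
    """Return one alert per host whose outbound bytes in any `window` after the
    baseline period exceed `factor` x its baseline daily volume and `min_bytes`.
    Thresholds are assumptions; tune them to the environment."""
    per_day, seen = daily_baseline(events, baseline_start, baseline_end)
    by_host = defaultdict(list)
    for ev in events:
        if ev[0] >= baseline_end:
            by_host[ev[1]].append(ev)

    alerts = []
    for host, evs in by_host.items():
        base = per_day.get(host, 0.0)
        for ts_i, _, _, _ in evs:
            # Sliding window anchored at each event; sum everything inside it.
            win = [e for e in evs if ts_i <= e[0] < ts_i + window]
            total = sum(e[3] for e in win)
            # A host with no baseline at all is judged on the absolute floor only.
            if total >= min_bytes and (base == 0 or total >= factor * base):
                alerts.append({
                    "host": host,
                    "window_start": ts_i,
                    "bytes": total,
                    "baseline_bytes_per_day": base,
                    "new_destinations": {e[2] for e in win} - seen.get(host, set()),
                })
                break  # one alert per host is enough for triage
    return alerts


if __name__ == "__main__":
    for a in find_exfil(parse(SAMPLE_LOG), datetime(2025, 5, 15), datetime(2025, 5, 19)):
        print(f"{a['host']}: {a['bytes']/1e9:.1f} GB from {a['window_start']} "
              f"(baseline {a['baseline_bytes_per_day']/1e6:.0f} MB/day), "
              f"new destinations: {sorted(a['new_destinations'])}")
```

The new-destination set is reported rather than required, because an attacker can also exfiltrate through a destination the host already talks to (a cloud storage bucket, for example); the volume spike is the primary signal, and an unfamiliar destination raises the priority. In a real deployment the baseline period should be longer than the four days used here and the thresholds should be set per host class, since a backup server's normal volume will dwarf a workstation's.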
