ApolloMD Data Breach Exposes 626,540 Patients: Qilin Ransomware Attack Confirmed


A May 2025 cyberattack compromised sensitive health data for 626,540 individuals at ApolloMD. Hackers accessed files between May 22 and May 23 containing names, addresses, birth dates, diagnoses, treatment details, provider info, and insurance data. Some Social Security numbers were also stolen.

Atlanta-based ApolloMD manages physician services across 125 practices in 18 states. The company serves over 2,500 doctors and advanced clinicians. Qilin ransomware claimed responsibility by listing ApolloMD on its Tor leak site in early June 2025.

ApolloMD posted a substitute notice detailing the breach scope. Notifications went to affiliated physicians by September 2025. Affected patients received mailed letters with free credit monitoring services.

HHS added ApolloMD to its public breach portal this week, confirming the massive scale. The incident ranks among the largest healthcare breaches of 2025.

Healthcare remains a prime ransomware target because of its valuable patient data. Qilin specializes in double extortion attacks hitting hospitals and clinics nationwide.

Official Breach Disclosures

HHS OCR Portal: Lists 626,540 impacted individuals from the May 22-23, 2025 incident (OCR Breach Report)

Stolen Data Categories

| Data Type | Impact Level | Recovery Steps |
|---|---|---|
| Names/Addresses | High | Credit monitoring |
| DOB/Diagnoses | Critical | Identity theft risk |
| Treatment Details | Critical | Medical fraud risk |
| Insurance Info | High | Billing fraud risk |
| Social Security # | Critical | Full identity protection |

Company Profile

  • Location: Atlanta, Georgia
  • Services: Physician practice management
  • Coverage: 125 practices, 18 states
  • Staff: 2,500+ physicians/APCs
  • Breach Date: May 22-23, 2025

Timeline of Events

  • May 22-23: Unauthorized file access
  • Early June: Qilin adds to leak site
  • September: Physician notifications
  • September: Patient mailings begin
  • February 2026: HHS portal listing

Ransomware Threat Profile

Qilin emerged in 2024 targeting healthcare. It uses double extortion, combining data theft with encryption, and hits hospitals and clinics across the US. Refuses negotiations per US policy.

Patient Protection Measures

Free credit monitoring offered. Mailed notification letters dispatched. HHS portal provides breach verification. Patients urged to monitor medical statements.

Healthcare Breach Context

Healthcare accounts for 20%+ of major US breaches annually. Patient data sells for $50-$1000/record on dark web. Ransomware groups increasingly target medical networks.

FAQ

How many impacted?

626,540 individuals

What data stolen?

PII, PHI, SSNs

Ransomware group?

Qilin leak site June 2025

Notifications sent?

Physicians September 2025, patients by mail

Location/services?

Atlanta-based, 125 practices across 18 states
