Pennsylvania Hospitalist Group, LLC, a medical practice specializing in emergency medicine, suffered a cybersecurity breach after the Qilin ransomware group infiltrated the network of ApolloMD Business Services, its third-party billing provider. The attack, detected on May 22, 2025, involved unauthorized access to systems between May 22–23, 2025, exposing sensitive patient data. Compromised information included names, Social Security numbers, dates of birth, addresses, diagnosis/treatment details, provider names, service dates, and health insurance data, affecting thousands of patients across multiple affiliated practices.ApolloMD secured the impacted systems, engaged law enforcement, and began notifying affected individuals via mail on September 17, 2025. Victims with exposed Social Security numbers were offered free credit monitoring. The breach poses risks of identity theft, financial fraud, and phishing attacks leveraging the stolen health and personal data. A dedicated incident response line was established to assist victims.
Source: https://www.claimdepot.com/data-breach/pennsylvania-hospitalist-group-2025
TPRM report: https://www.rankiteo.com/company/adfinitas-health
"id": "adf5302753092825",
"linkid": "adfinitas-health",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Thousands of patients',
'industry': 'Healthcare (Emergency Medicine)',
'location': 'Pennsylvania, USA',
'name': 'Pennsylvania Hospitalist Group, LLC',
'type': 'Medical Practice'},
{'customers_affected': 'Multiple physician practices '
'(thousands of patients)',
'industry': 'Healthcare Services',
'name': 'ApolloMD Business Services',
'type': 'Third-Party Billing Services Provider'}],
'attack_vector': 'Unauthorized network access',
'customer_advisories': ['Free credit monitoring offered to patients with '
'compromised Social Security numbers',
'Guidance provided on monitoring credit, phishing '
'risks, and fraud alerts'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 'Thousands (exact number not '
'released)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes PII and PHI)',
'type_of_data_compromised': ['Names',
'Social Security numbers',
'Dates of birth',
'Addresses',
'Diagnosis information',
'Provider names',
'Dates of service',
'Treatment information',
'Health insurance information']},
'date_detected': '2025-05-22',
'date_publicly_disclosed': '2025-09-17',
'description': 'Pennsylvania Hospitalist Group, LLC, a medical practice '
'specializing in emergency medicine, experienced a '
'cybersecurity incident when an unauthorized actor gained '
'access to the computer network of ApolloMD Business Services, '
'a third-party billing services provider. The Qilin ransomware '
'group claimed responsibility for the attack, potentially '
'exposing sensitive patient information including names, '
'Social Security numbers, dates of birth, addresses, diagnosis '
'information, provider names, dates of service, treatment '
'information, and health insurance information.',
'impact': {'brand_reputation_impact': True,
'data_compromised': True,
'identity_theft_risk': True,
'systems_affected': True},
'investigation_status': 'Completed (breach confirmed between 2025-05-22 and '
'2025-05-23)',
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Qilin'},
'recommendations': ['Sign up for free credit monitoring services (if offered)',
'Monitor credit reports and financial accounts for '
'unusual activity',
'Be alert for phishing emails or calls using exposed '
'information',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus'],
'references': [{'source': 'ApolloMD Notice of Data Security Incident'}],
'response': {'communication_strategy': ['Published Notice of Data Security '
'Incident on website',
'Notified impacted individuals by '
'mail (starting 2025-09-17)',
'Established toll-free incident '
'response line (833-397-6797)'],
'containment_measures': ['Secured affected systems'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True},
'stakeholder_advisories': ['Dedicated toll-free incident response line '
'(833-397-6797) available Mon-Fri, 8 a.m. to 8 '
'p.m. ET'],
'threat_actor': 'Qilin ransomware group',
'title': 'Data Breach at ApolloMD Business Services Affecting Pennsylvania '
'Hospitalist Group, LLC',
'type': ['Data Breach', 'Ransomware Attack']}