Apex Spine & Neurosurgery Suffers Ransomware Attack, Exposing Data of 2,500 Patients
Apex Spine & Neurosurgery, LLC, a U.S.-based healthcare provider, disclosed a ransomware attack that compromised the personal and medical data of approximately 2,500 individuals. The breach was first detected on December 23, 2025, when the organization identified unauthorized access to its network and the deployment of ransomware.
An investigation revealed that the attacker had exfiltrated files as early as December 9, 2025. The ransomware group INTERLOCK later claimed responsibility, announcing on January 6, 2026, that it had stolen 20GB of data and posted details on a dark web site via the Tor network.
The exposed data includes a broad range of sensitive information, such as:
- Personally Identifiable Information (PII): Names, addresses, phone numbers, dates of birth, Social Security numbers, driver’s license and passport numbers, and other government identifiers.
- Protected Health Information (PHI): Medical histories, treatment details, diagnosis codes, prescription information, assigned physicians, health service dates and locations, and payment data, including financial account numbers (without security codes) and health insurance IDs.
The organization’s electronic health records platform, housed in a separate network, remained unaffected.
Apex Spine & Neurosurgery reported the breach to the U.S. Department of Health and Human Services on February 6, 2026, and has since published a public notice. Direct notifications to impacted individuals will be mailed once the review is complete and addresses are verified.
In response, the company is offering guidance on credit monitoring, fraud alerts, and identity theft protection, including steps for safeguarding minors’ and deceased individuals’ data. Additionally, Apex Spine & Neurosurgery is reviewing its cybersecurity practices to prevent future incidents.
Source: https://www.claimdepot.com/data-breach/apex-spine-and-neurosurgery-2026
Apex Spine & Neurosurgery, LLC TPRM report: https://www.rankiteo.com/company/apex-spine-and-neurosurgery
"id": "ape1771973575",
"linkid": "apex-spine-and-neurosurgery",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '2500',
'industry': 'Healthcare',
'location': 'United States',
'name': 'Apex Spine & Neurosurgery, LLC',
'type': 'Healthcare Provider'}],
'attack_vector': 'Unauthorized network access',
'customer_advisories': 'Direct notifications to impacted individuals via '
'mail; public notice published',
'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
'data_exfiltration': 'Yes (20GB of data)',
'number_of_records_exposed': '2500',
'personally_identifiable_information': ['Names',
'Addresses',
'Phone numbers',
'Dates of birth',
'Social Security '
'numbers',
'Driver’s license '
'numbers',
'Passport numbers',
'Government '
'identifiers',
'Financial account '
'numbers',
'Health insurance '
'IDs'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-12-23',
'date_publicly_disclosed': '2026-02-06',
'description': 'Apex Spine & Neurosurgery, LLC, a U.S.-based healthcare '
'provider, disclosed a ransomware attack that compromised the '
'personal and medical data of approximately 2,500 individuals. '
'The breach was first detected on December 23, 2025, when the '
'organization identified unauthorized access to its network '
'and the deployment of ransomware. The attacker had '
'exfiltrated files as early as December 9, 2025. The '
'ransomware group INTERLOCK claimed responsibility, announcing '
'on January 6, 2026, that it had stolen 20GB of data and '
'posted details on a dark web site via the Tor network.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data exposure',
'data_compromised': '20GB of data',
'identity_theft_risk': 'High (PII and PHI exposed)',
'legal_liabilities': 'Potential legal liabilities under HIPAA',
'payment_information_risk': 'Moderate (financial account numbers '
'exposed without security codes)',
'systems_affected': 'Network systems (excluding electronic health '
'records platform)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (details posted on '
'dark web via Tor)'},
'investigation_status': 'Ongoing',
'motivation': 'Data exfiltration and ransom',
'post_incident_analysis': {'corrective_actions': 'Reviewing cybersecurity '
'practices'},
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'ransomware_strain': 'INTERLOCK'},
'recommendations': 'Guidance on credit monitoring, fraud alerts, and identity '
'theft protection; steps for safeguarding minors’ and '
'deceased individuals’ data',
'references': [{'source': 'Public disclosure by Apex Spine & Neurosurgery'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA'],
'regulatory_notifications': ['Reported to U.S. '
'Department of Health '
'and Human Services on '
'February 6, 2026']},
'response': {'communication_strategy': 'Public notice and direct '
'notifications to impacted individuals',
'remediation_measures': 'Reviewing cybersecurity practices'},
'threat_actor': 'INTERLOCK',
'title': 'Apex Spine & Neurosurgery Suffers Ransomware Attack, Exposing Data '
'of 2,500 Patients',
'type': 'Ransomware'}