Apex Data Breach Exposes Sensitive Personal and Health Information
Apex recently disclosed a data breach in which unauthorized actors accessed and potentially exfiltrated sensitive personal and health-related information. The incident came to light on December 23, 2025, when the company detected a cyberattack involving a file-locking virus on its network.
An investigation revealed that the unauthorized access occurred on December 9, 2025, with attackers potentially acquiring a range of confidential data. The exposed information includes:
- Personal identifiers: Names, Social Security numbers, addresses, phone numbers, dates of birth, driver’s license numbers, passport numbers, and other government-issued IDs.
- Health data: Treatment details, diagnoses, prescription information, health insurance identifiers, and patient account numbers.
- Financial information: Bank account numbers (without security codes or passwords).
Apex has since published a breach notice on its website, detailing the affected data types and offering complimentary credit monitoring services to impacted individuals. The full scope of the breach, including the number of affected parties, remains under review.
Source: https://straussborrelli.com/2026/02/24/apex-spine-neurosurgery-data-breach-investigation/
Apex TPRM report: https://www.rankiteo.com/company/apex-healthcare-systems
"id": "ape1771977171",
"linkid": "apex-healthcare-systems",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Healthcare',
'name': 'Apex',
'type': 'Company'}],
'customer_advisories': 'Offered complimentary credit monitoring services to '
'impacted individuals',
'data_breach': {'data_exfiltration': 'Potential',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Addresses',
'Phone numbers',
'Dates of birth',
'Driver’s license '
'numbers',
'Passport numbers',
'Government-issued '
'IDs',
'Health insurance '
'identifiers',
'Patient account '
'numbers',
'Bank account '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal identifiers',
'Health data',
'Financial information']},
'date_detected': '2025-12-23',
'date_publicly_disclosed': '2025-12-23',
'description': 'Apex recently disclosed a data breach in which unauthorized '
'actors accessed and potentially exfiltrated sensitive '
'personal and health-related information. The incident came to '
'light on December 23, 2025, when the company detected a '
'cyberattack involving a file-locking virus on its network. An '
'investigation revealed that the unauthorized access occurred '
'on December 9, 2025, with attackers potentially acquiring a '
'range of confidential data.',
'impact': {'data_compromised': 'Sensitive personal and health-related '
'information',
'identity_theft_risk': 'High',
'payment_information_risk': 'Low'},
'investigation_status': 'Under review',
'ransomware': {'data_encryption': 'File-locking virus',
'data_exfiltration': 'Potential'},
'references': [{'source': 'Apex Breach Notice'}],
'response': {'communication_strategy': 'Published breach notice on website, '
'offered complimentary credit '
'monitoring services'},
'title': 'Apex Data Breach Exposes Sensitive Personal and Health Information',
'type': 'Data Breach'}