Breach cyber

ApolloMD Business Services, LLC

Sep 30, 2025 2 min read
ApolloMD Business Services, LLC

ApolloMD, a Georgia-based healthcare provider specializing in multispecialty physician and practice management services, suffered a cybersecurity breach where an unauthorized hacker accessed sensitive personally identifiable information (PII) of an undetermined number of individuals. The exposed data included names, addresses, dates of birth, medical diagnoses, provider details, treatment records, health insurance information, and—for a subset of victims—Social Security numbers (SSNs). The breach poses significant risks of identity theft, financial fraud, and medical fraud, given the highly sensitive nature of the compromised records. The incident has prompted a class-action investigation by Lynch Carpenter LLP, indicating potential legal and reputational repercussions for ApolloMD. The exposure of SSNs and protected health information (PHI) elevates the severity, as such data is highly valuable on underground markets and can lead to long-term harm for affected individuals. The breach underscores vulnerabilities in ApolloMD’s cybersecurity defenses, particularly in safeguarding patient and employee data from external threats.

Source: https://www.globenewswire.com/news-release/2025/09/30/3158793/0/en/Lynch-Carpenter-Investigates-Claims-in-ApolloMD-Data-Breach.html

TPRM report: https://www.rankiteo.com/company/apollomd

"id": "apo5931559111025",
"linkid": "apollomd",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Unknown number of individuals',
                        'industry': 'Healthcare',
                        'location': 'Georgia, USA',
                        'name': 'ApolloMD Business Services, LLC',
                        'type': 'Healthcare Provider / Practice Management '
                                'Services'}],
 'customer_advisories': 'Data breach notifications sent to affected '
                        'individuals; legal firm (Lynch Carpenter) encouraging '
                        'affected parties to submit claims for review',
 'data_breach': {'data_exfiltration': 'Likely (records accessed by '
                                      'cybercriminal)',
                 'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Dates of birth',
                                                         'Social Security '
                                                         'numbers (subset)',
                                                         'Diagnoses',
                                                         'Provider names',
                                                         'Dates of service',
                                                         'Treatment '
                                                         'information',
                                                         'Health insurance '
                                                         'information'],
                 'sensitivity_of_data': 'High (includes SSNs, health '
                                        'diagnoses, and treatment information)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)']},
 'date_publicly_disclosed': '2025-09-30',
 'description': 'ApolloMD Business Services, LLC, a Georgia-based provider of '
                'integrated multispecialty physician and practice management '
                'services, announced a cybersecurity incident impacting '
                'personal information of an unknown number of individuals. A '
                'cybercriminal hacker may have accessed records containing '
                'personally identifiable information (PII), including names, '
                'addresses, dates of birth, diagnoses, provider names, dates '
                'of service, treatment information, and health insurance '
                'information. A subset of individuals also had their Social '
                'Security numbers exposed.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'exposure of sensitive health and PII '
                                       'data',
            'data_compromised': ['Names',
                                 'Addresses',
                                 'Dates of birth',
                                 'Diagnoses',
                                 'Provider names',
                                 'Dates of service',
                                 'Treatment information',
                                 'Health insurance information',
                                 'Social Security numbers (subset of '
                                 'individuals)'],
            'identity_theft_risk': 'High (due to exposure of SSNs and health '
                                   'information)',
            'legal_liabilities': 'Lynch Carpenter, LLP is investigating claims '
                                 'for potential compensation; class action '
                                 'lawsuit possible'},
 'investigation_status': 'Ongoing (Lynch Carpenter, LLP investigating claims)',
 'references': [{'date_accessed': '2025-09-30',
                 'source': 'GLOBE NEWSWIRE Press Release'},
                {'source': 'HIPAA Journal',
                 'url': 'https://www.hipaajournal.com/apollomd-data-breach/'},
                {'source': 'Lynch Carpenter LLP',
                 'url': 'https://www.lynchcarpenter.com'}],
 'regulatory_compliance': {'legal_actions': 'Investigation by Lynch Carpenter, '
                                            'LLP for potential class action '
                                            'lawsuit',
                           'regulations_violated': ['Potential HIPAA '
                                                    'violations (Health '
                                                    'Insurance Portability and '
                                                    'Accountability Act)']},
 'response': {'communication_strategy': 'Public announcement via GLOBE '
                                        'NEWSWIRE; data breach notifications '
                                        'sent to affected individuals'},
 'threat_actor': 'Cybercriminal hacker',
 'title': 'ApolloMD Data Breach',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.