Aurora Emergency Physicians, LLC, an Illinois-based emergency medicine provider, suffered a data breach after an unauthorized actor accessed sensitive patient files maintained by its business associate, ApolloMD, between May 22–23, 2025. The breach exposed personally identifiable information (PII) and protected health information (PHI), including names, Social Security numbers, dates of birth, addresses, medical diagnoses, treatment details, provider names, and health insurance data.The compromised data significantly elevates risks of identity theft, financial fraud, and medical fraud, affecting thousands of patients across multiple affiliated practices. ApolloMD secured its systems, notified law enforcement, and began mailing breach notifications to victims on September 17, 2025, while offering free credit monitoring to those with exposed SSNs. The incident underscores severe vulnerabilities in healthcare data security, with potential long-term reputational and financial repercussions for the organization and its patients.
Source: https://www.claimdepot.com/data-breach/aurora-emergency-physicians-2025
TPRM report: https://www.rankiteo.com/company/empact-emergency-physicians-llc
"id": "emp5062350092725",
"linkid": "empact-emergency-physicians-llc",
"type": "Breach",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Thousands of patients (exact '
'number undisclosed)',
'industry': 'Emergency Medicine',
'location': 'Illinois, USA',
'name': 'Aurora Emergency Physicians, LLC',
'size': 'Small',
'type': 'Healthcare Provider'},
{'customers_affected': 'Multiple physician practices '
'(including Aurora Emergency '
'Physicians)',
'industry': 'Healthcare Administrative Services',
'name': 'ApolloMD Business Services',
'type': 'Business Associate'}],
'customer_advisories': ['Free credit monitoring offered to individuals with '
'exposed SSNs',
'Guidance provided on fraud prevention measures'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 'Thousands (exact number '
'undisclosed)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII and PHI)',
'type_of_data_compromised': ['Names',
'Social Security numbers',
'Dates of birth',
'Addresses',
'Diagnosis information',
'Provider names',
'Dates of service',
'Treatment details',
'Health insurance information']},
'date_detected': '2025-05-22',
'date_publicly_disclosed': '2025-09-17',
'description': 'Aurora Emergency Physicians, LLC, a small Illinois-based '
'emergency medicine provider, was impacted by a significant '
'data breach after an unauthorized actor accessed files '
'containing sensitive patient information maintained by '
'ApolloMD Business Services, an affiliated business associate. '
'The breach exposed personally identifiable information (PII) '
'and protected health information (PHI), including names, '
'Social Security numbers, dates of birth, addresses, diagnosis '
'information, provider names, dates of service, treatment '
'details, and health insurance information. The incident was '
'detected on May 22, 2025, with unauthorized access occurring '
'between May 22 and May 23, 2025. Affected individuals were '
'notified starting September 17, 2025. The breach poses risks '
'of identity theft and financial or medical fraud, with '
'thousands of patients believed to be impacted.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive patient data',
'data_compromised': ['Personally Identifiable Information (PII)',
'Protected Health Information (PHI)'],
'identity_theft_risk': 'High (due to exposure of SSNs, dates of '
'birth, and health information)',
'systems_affected': ['ApolloMD IT environment',
'Files containing patient information']},
'initial_access_broker': {'high_value_targets': ['Patient PII and PHI']},
'investigation_status': 'Completed (as of public disclosure on 2025-09-17)',
'recommendations': ['Sign up for free credit monitoring services if offered',
'Monitor credit reports and financial accounts for '
'unusual activity',
'Be alert for phishing attempts using exposed information',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus'],
'references': [{'source': 'ApolloMD Notice of Data Security Incident'}],
'response': {'communication_strategy': ['Published Notice of Data Security '
'Incident on ApolloMD website',
'Notified affected patients by mail '
'(starting September 17, 2025)',
'Established incident response '
'hotline (833-397-6797, Mon-Fri 8 AM '
'- 8 PM ET)'],
'containment_measures': ['Secured IT systems'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['Free credit monitoring services for '
'affected individuals with exposed SSNs']},
'stakeholder_advisories': ['Patients advised to monitor financial accounts '
'and credit reports',
'Incident response hotline established for '
'inquiries (833-397-6797)'],
'threat_actor': 'Unauthorized actor',
'title': 'Data Breach at Aurora Emergency Physicians, LLC via ApolloMD '
'Business Services',
'type': ['Data Breach', 'Unauthorized Access']}