Lorain Emergency Physicians, LLC, a healthcare provider in Lorain, Ohio, suffered a severe cybersecurity breach executed by the Qilin ransomware group. The attack targeted ApolloMD Business Services, an administrative affiliate, leading to the theft of highly sensitive patient data. Compromised files included personal and protected health information such as names, dates of birth, Social Security numbers, addresses, medical diagnoses, treatment details, provider names, service dates, and health insurance data. The breach was detected on May 22, 2025, with unauthorized access confirmed between May 22 and May 23, 2025. Notifications to affected individuals and practices were delayed, issued between July 21 and September 17, 2025. The incident impacted patients across multiple U.S. medical groups serviced by ApolloMD. In response, the company secured systems, engaged law enforcement, and offered free credit monitoring to victims whose Social Security numbers were exposed. The breach poses significant risks of identity theft, financial fraud, and targeted phishing attacks against affected patients.
Source: https://www.claimdepot.com/data-breach/lorain-emergency-physicians-2025
TPRM report: https://www.rankiteo.com/company/southwest-general-health-center
{
"id": "sou4202342092825",
"linkid": "southwest-general-health-center",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'healthcare',
'location': 'Lorain, Ohio, USA',
'name': 'Lorain Emergency Physicians, LLC',
'type': 'healthcare provider'},
{'industry': 'healthcare',
'name': 'ApolloMD Business Services',
'type': 'administrative services provider'},
{'industry': 'healthcare',
'location': 'United States',
'name': 'Several other medical groups (unnamed)',
'type': 'healthcare providers'}],
'customer_advisories': ['Offer of free credit monitoring for affected '
'individuals.',
'Incident response hotline (833-397-6797) for '
'questions.'],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (includes SSNs and medical '
'records)',
'type_of_data_compromised': ['personal data',
'protected health information '
'(PHI)']},
'date_detected': '2025-05-22',
'date_publicly_disclosed': '2025-07-21',
'description': 'Lorain Emergency Physicians, LLC, a healthcare organization '
'based in Lorain, Ohio, was impacted by a cybersecurity '
'incident linked to its affiliate, ApolloMD Business Services. '
'The Qilin ransomware group claimed responsibility for the '
'attack, which involved the theft of files containing personal '
'and protected health data of patients. Exposed information '
'included names, dates of birth, Social Security numbers, '
'addresses, diagnosis information, provider names, dates of '
'service, treatment information, and health insurance details. '
'ApolloMD detected suspicious activity on May 22, 2025, and '
'confirmed the breach occurred between May 22 and May 23, '
'2025. Notifications to affected practices and individuals '
'were sent between July 21 and September 17, 2025.',
'impact': {'brand_reputation_impact': 'potential reputational damage due to '
'exposure of sensitive patient data',
'data_compromised': ['names',
'dates of birth',
'Social Security numbers',
'addresses',
'diagnosis information',
'provider names',
'dates of service',
'treatment information',
'health insurance information'],
'identity_theft_risk': 'high (due to exposure of SSNs and personal '
'health information)',
'systems_affected': ['internal network of ApolloMD Business '
'Services']},
'initial_access_broker': {'high_value_targets': ['patient personal and health '
'data']},
'investigation_status': 'completed (as of September 2025 notifications)',
'motivation': 'financial (ransomware)',
'post_incident_analysis': {'corrective_actions': ['secured systems',
'notified law enforcement',
'offered credit '
'monitoring']},
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Qilin'},
'recommendations': ['Sign up for free credit monitoring services if offered.',
'Monitor credit reports and financial accounts for '
'unusual activity.',
'Be alert for phishing emails or calls using exposed '
'information.',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus.'],
'references': [{'source': 'ApolloMD Notice of Data Security Incident'},
{'source': 'Lorain Emergency Physicians advisory'}],
'regulatory_compliance': {'regulations_violated': ['potential HIPAA '
'violations']},
'response': {'communication_strategy': ['notification letters to affected '
'individuals',
'Notice of Data Security Incident '
'posted on ApolloMD website',
'established incident response '
'hotline (833-397-6797)'],
'containment_measures': ['secured affected systems'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['offered free credit monitoring services '
'to affected individuals']},
'stakeholder_advisories': ['notification letters to affected practices and '
'individuals',
'public notice on ApolloMD website'],
'threat_actor': 'Qilin ransomware group',
'title': 'Data Breach at Lorain Emergency Physicians, LLC via ApolloMD '
'Business Services',
'type': ['data breach', 'ransomware attack']}