Veradigm

Veradigm (formerly Allscripts) reported a hacking incident stemming from a compromised customer credential, discovered on July 1, 2025, though the breach originated around December 15, 2024. An unauthorized actor accessed a Veradigm storage unit using credentials obtained from a compromised customer during an earlier, unrelated security incident. The exposed data varies per individual but includes names, dates of birth, contact details, health records (diagnoses/treatments), Social Security numbers, health insurance information, payment details, and driver’s license numbers. The breach impacted nearly 70,000 patients in just two states (South Carolina and Texas), with broader implications likely. Veradigm engaged cybersecurity experts to investigate, implemented new safeguards, and notified affected patients and regulators. The incident did not disrupt Veradigm’s primary network or daily operations but highlights critical third-party vendor risks in healthcare data security. The breach underscores vulnerabilities in credential management and the cascading effects of supply-chain attacks on protected health information (PHI).

Source: https://www.govinfosecurity.com/vendors-veradigm-apollomd-report-health-data-hacks-a-29542

TPRM report: https://www.rankiteo.com/company/veradigm

"id": "ver0503605092525",
"linkid": "veradigm",
"type": "Breach",
"date": "12/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '~70,000 (across multiple '
                                              'states, including South '
                                              'Carolina and Texas)',
                        'industry': 'Healthcare',
                        'location': 'USA',
                        'name': 'Veradigm (formerly Allscripts)',
                        'type': ['Healthcare IT Vendor',
                                 'Revenue Cycle Management']},
                       {'industry': 'Healthcare',
                        'location': 'Atlanta, Georgia, USA',
                        'name': 'ApolloMD Business Services',
                        'type': ['Physician Practice Management',
                                 'Business Associate']},
                       {'industry': 'Healthcare',
                        'name': 'Passaic Hospitalist Services',
                        'type': 'Physician Practice'},
                       {'industry': 'Healthcare',
                        'name': 'Pensacola Hospitalist Physicians',
                        'type': 'Physician Practice'},
                       {'industry': 'Healthcare',
                        'name': 'Broad River Physicians Group',
                        'type': 'Physician Practice'},
                       {'industry': 'Healthcare',
                        'name': 'Olive Branch Emergency Physicians',
                        'type': 'Physician Practice'},
                       {'industry': 'Healthcare',
                        'name': 'Aurora Emergency Physicians',
                        'type': 'Physician Practice'},
                       {'industry': 'Healthcare',
                        'name': 'Passaic River Physicians',
                        'type': 'Physician Practice'},
                       {'industry': 'Healthcare',
                        'name': 'The Bortolazzo Group',
                        'type': 'Physician Practice'},
                       {'industry': 'Healthcare',
                        'name': 'Methodist University Emergency Physicians',
                        'type': 'Physician Practice'},
                       {'industry': 'Healthcare',
                        'name': 'Trinity Emergency Physicians',
                        'type': 'Physician Practice'},
                       {'industry': 'Healthcare',
                        'name': 'Lorain Emergency Physicians',
                        'type': 'Physician Practice'},
                       {'industry': 'Healthcare',
                        'name': 'Pennsylvania Hospitalist Group',
                        'type': 'Physician Practice'}],
 'attack_vector': ['Compromised Credentials (Veradigm)',
                   'Unspecified IT Environment Intrusion (ApolloMD)'],
 'customer_advisories': ['Breach notifications sent to affected patients '
                         '(both)'],
 'data_breach': {'data_exfiltration': ['Yes (both cases)'],
                 'number_of_records_exposed': {'ApolloMD': None,
                                               'Veradigm': '~70,000 (partial '
                                                           'state data)'},
                 'personally_identifiable_information': ['Names',
                                                         'SSNs',
                                                         'Driver’s License '
                                                         'Numbers',
                                                         'Contact Info'],
                 'sensitivity_of_data': ['High (SSNs, health records, payment '
                                         'details)'],
                 'type_of_data_compromised': ['PII', 'PHI', 'Payment Data']},
 'date_detected': {'ApolloMD': '2025-05-22', 'Veradigm': '2025-07-01'},
 'date_publicly_disclosed': '2025-07-10',
 'description': 'Medical practices and revenue cycle management vendors '
                'Veradigm (formerly Allscripts) and ApolloMD reported hacking '
                'incidents tied to compromised credentials, exposing sensitive '
                'patient data including names, Social Security numbers, health '
                'records, and payment details. The breaches underscore '
                'persistent third-party vendor risks in healthcare, with '
                "Veradigm's incident affecting ~70,000 patients across "
                "multiple states and ApolloMD's breach impacting patients "
                'across a dozen affiliated physician practices. Both incidents '
                'were detected months after initial compromise, with '
                "Veradigm's originating in December 2024 and ApolloMD's in May "
                '2025. Regulatory filings and law enforcement notifications '
                'are underway, though neither breach has yet appeared on the '
                'HHS OCR HIPAA Breach Reporting Tool.',
 'impact': {'brand_reputation_impact': ['Potential erosion of trust in '
                                        'third-party healthcare vendors'],
            'data_compromised': {'ApolloMD': ['Names',
                                              'Dates of Birth',
                                              'Addresses',
                                              'Diagnosis Information',
                                              'Provider Names',
                                              'Dates of Service',
                                              'Treatment Information',
                                              'Health Insurance Information',
                                              'Social Security Numbers'],
                                 'Veradigm': ['Names',
                                              'Dates of Birth',
                                              'Contact Information',
                                              'Health Information '
                                              '(Diagnoses/Treatments)',
                                              'Social Security Numbers',
                                              'Health Insurance Information',
                                              'Payment Details',
                                              'Driver’s License Numbers']},
            'identity_theft_risk': ['High (SSNs, PII exposed)'],
            'legal_liabilities': ['Potential class-action lawsuits (e.g., '
                                  'Medusind’s $5M settlement precedent)'],
            'operational_impact': {'ApolloMD': None,
                                   'Veradigm': ['No disruption to primary '
                                                'network or daily operations']},
            'payment_information_risk': ['High (Payment details exposed in '
                                         'Veradigm breach)'],
            'systems_affected': {'ApolloMD': ['IT Environment'],
                                 'Veradigm': ['Storage Unit (Non-Primary '
                                              'Network)']}},
 'initial_access_broker': {'entry_point': {'ApolloMD': 'Unspecified IT '
                                                       'environment intrusion',
                                           'Veradigm': 'Compromised customer '
                                                       'credential'},
                           'high_value_targets': ['Patient health records '
                                                  '(PHI)',
                                                  'PII']},
 'investigation_status': ['Ongoing (both cases)'],
 'lessons_learned': ['Third-party vendor risks remain a critical vulnerability '
                     'in healthcare.',
                     'Delayed detection (months) exacerbates exposure risks.',
                     'Credential security and workforce training are essential '
                     'to mitigate social engineering threats.',
                     'Technical safeguards alone are insufficient without '
                     'comprehensive workforce education.'],
 'post_incident_analysis': {'corrective_actions': {'ApolloMD': ['Third-party '
                                                                'investigation',
                                                                'Law '
                                                                'enforcement '
                                                                'collaboration'],
                                                   'Veradigm': ['Technical '
                                                                'safeguards',
                                                                'Storage '
                                                                'account '
                                                                'review']},
                            'root_causes': ['Inadequate credential security '
                                            '(Veradigm)',
                                            'Delayed detection of unauthorized '
                                            'access (both)',
                                            'Third-party vendor '
                                            'vulnerabilities']},
 'ransomware': {'data_exfiltration': ['Yes (both cases)']},
 'recommendations': ['Enhance vendor risk management programs with continuous '
                     'monitoring.',
                     'Implement multi-factor authentication (MFA) and '
                     'least-privilege access controls.',
                     'Conduct regular third-party security audits and '
                     'penetration testing.',
                     'Prioritize workforce cybersecurity training to counter '
                     'social engineering.',
                     'Establish clearer incident disclosure timelines to '
                     'regulators and affected parties.'],
 'references': [{'date_accessed': '2025-07-10',
                 'source': 'Information Security Media Group (ISMG)'},
                {'date_accessed': '2025-07-10',
                 'source': 'Veradigm Breach Notice (State Filings: SC, TX)'},
                {'date_accessed': '2025-07-10',
                 'source': 'ApolloMD Breach Notice'},
                {'date_accessed': '2025-07-10',
                 'source': 'HHS OCR HIPAA Breach Reporting Tool',
                 'url': 'https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf'}],
 'regulatory_compliance': {'legal_actions': ['Potential class-action lawsuits '
                                             '(e.g., Medusind precedent)'],
                           'regulations_violated': ['HIPAA (likely)'],
                           'regulatory_notifications': ['State Attorneys '
                                                        'General (Veradigm: '
                                                        'SC, TX)',
                                                        'HHS OCR (pending)']},
 'response': {'communication_strategy': ['State regulators (Veradigm: SC, TX)',
                                         'Affected patients (both)',
                                         'Public breach notices'],
              'incident_response_plan_activated': ['Yes (both Veradigm and '
                                                   'ApolloMD)'],
              'law_enforcement_notified': ['Yes (ApolloMD)',
                                           'Unspecified (Veradigm)'],
              'remediation_measures': {'ApolloMD': None,
                                       'Veradigm': ['New technical safeguards',
                                                    'Storage account review']},
              'third_party_assistance': ['Cybersecurity experts (both cases)',
                                         'Law enforcement (ApolloMD)']},
 'stakeholder_advisories': ['State regulators (Veradigm)',
                            'Affected physician practices (ApolloMD)'],
 'title': 'Health Data Breaches at Veradigm and ApolloMD Highlight Third-Party '
          'Vendor Risks',
 'type': ['Data Breach',
          'Third-Party Vendor Compromise',
          'Unauthorized Access'],
 'vulnerability_exploited': ['Weak Credential Security (Veradigm)']}