APOLLOMD disclosed that 626,540 patients were affected by a breach in May 2025, with the incident beginning on May 22, 2025 and occurring that day and the following day. According to ApolloMD, the Qilin ransomware gang was the first to reveal the attack on its dark web leak site on June 12, 2025, and Qilin posted five screenshots as “proof,” claiming to have exfiltrated 238 GB of data.
The types of information involved included names, dates of birth, addresses, diagnoses, provider names, dates of service, treatment information, health insurance information, and, for some individuals, Social Security numbers. ApolloMD notified affected clients between 21 July and 11 September 2025, and sent letters to patients on 17 September 2025, with a substitute notice published on 29 September 2025 stating that the hospitals were not responsible for the breach and listing several physician practices.
The post raises questions about why HHS notification was delayed if patients were notified in September, and whether 626,540 is the total figure or if some clients reported the breach themselves; DataBreaches[.]net has not received a reply from ApolloMD.