A security incident involving ApolloMD Business Services, an Atlanta-based, physician-owned MSO, has affected 626,540 patients, according to the U.S. Department of Health and Human Services’ data breach tracker.
ApolloMD, which has a network of 11 physicians, detected unusual activity on its network May 22 and launched an investigation to determine the scope and nature of the incident. A third-party cybersecurity firm found that an unauthorized party accessed the network between May 22 and May 23. Files containing protected health information from ApolloMD-affiliated physicians and practices may have been compromised.
According to a Feb. 10 public filing, the potentially exposed information includes names, addresses, dates of birth, diagnoses, provider names, dates of service, treatment details and health insurance information. A subset of individuals also had their Social Security numbers exposed.
ApolloMD notified affiliated physicians and practices between July 21 and Sept. 11. Letters to affected individuals began mailing Sept. 17. The organization is offering complimentary credit monitoring and identity theft protection to those whose Social Security numbers were compromised.
