ApolloMD Business Services, an Atlanta-based management services organization, disclosed a security incident affecting several of its physician practice clients, according to a Sept. 24 report by HIPAA Journal.
ApolloMD identified unusual activity within its network on May 22. An investigation was then launched to determine the nature and scope of the activity, and steps were taken to secure the network, according to the report. A third party cybersecurity firm learned that an unauthorized entity had accessed the network from May 22 to May 23. During that time, files containing protected health information of ApolloMD’s affiliated physician and practices may have been breached.
The third party investigation found that the potentially stolen information included names, addresses, dates of birth, diagnoses, provider names, dates of service, treatment information and health insurance information. A subset of individuals had their Social Security numbers exposed.
ApolloMD notified the affected physicians and practices between July 21 and Sept. 11. Notification letters were mailed to affected individuals beginning Sept. 17. ApolloMD has also offered complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers were exposed.
