Apex Spine and Neurosurgery, LLC recently reported a cybersecurity breach in which an unknown cyber actor accessed its computer network and copied sensitive personal and health information. The breach involved data potentially linked to numerous individuals and has led to the firm offering resources for identity protection.
Apex Spine and Neurosurgery Data Breach Investigation
On December 23, 2025, Apex Spine and Neurosurgery discovered suspicious activity within its computer network. The firm confirmed that an unknown cyber actor had gained unauthorized access to part of its system and deployed a virus to lock files. After securing the network, Apex Spine and Neurosurgery initiated a thorough investigation to determine the scope of the incident.
During the investigation, it was revealed that the cyber actor copied files from the network on December 9, 2025. These files are currently under review to identify the specific information contained in them and to determine which individuals may have been affected. The review process is ongoing, but in an effort to provide timely notification, the company is issuing this notice to inform the public of the breach and the steps it is taking to address the situation.
While the breach did not impact Apex Spine and Neurosurgery’s Electronic Health Records (EHR) platform, which is kept in a logically separate computer network, the files that were copied contained sensitive personal and health information. The exposure of this data could pose serious privacy risks, including identity theft and financial fraud.
The information involved in the breach may include the following:
-
Personal Identification Information: Name, address, phone number, date of birth, Social Security number, driver’s license number, passport number, and other government identifiers.
-
Health Information: Details about medical services, including dates of service, treatment information, diagnosis codes, prescription details, assigned physician, and location of health services.
-
Financial Information: Health services payment information, such as financial account numbers (without security codes), health insurance information, subscriber or identification numbers, and patient account numbers.
At this time, there is no evidence suggesting that the stolen information has been misused. However, the exposure of this sensitive data could lead to potential risks, including identity theft, medical fraud, and financial theft.
Apex Spine and Neurosurgery is currently working on reviewing all impacted files and intends to notify affected individuals by mail once the review is complete. The firm is also offering free credit monitoring services to affected individuals and taking additional steps to prevent future cybersecurity incidents.
When Did This Breach Occur?
According to Apex Spine and Neurosurgery:
-
Date(s) the Breach Occurred: December 9, 2025 – December 23, 2025 (final breach discovery date)
-
Date the Breach Was Discovered: December 23, 2025
The breach occurred over a period of time, starting from December 9, 2025, when the unauthorized access and data theft took place. The breach was discovered on December 23, 2025, and the investigation was launched shortly thereafter.
What Information Was Breached?
The following personal and health-related information was potentially exposed during the breach:
-
Personal Information: Name, address, date of birth, Social Security number, driver’s license number, passport number, other government identifiers
-
Health Information: Medical history, diagnoses, treatments, medical test results, prescription information, health insurance policy number, patient account number
-
Financial Information: Bank account numbers, financial details related to medical services
The information involved may vary by individual, but it includes highly sensitive data, particularly in the context of medical and financial records.
What You Can Do
If you received a notification from Apex Spine and Neurosurgery regarding this incident, here are some important steps to protect your personal information:
-
Sign up for the free credit monitoring services offered by Apex Spine and Neurosurgery. These services will notify you of any changes to your credit file.
-
Monitor your financial accounts and credit reports regularly for signs of unauthorized activity or discrepancies.
-
Place a fraud alert or security freeze on your credit files to prevent unauthorized access to your accounts.
-
Review your health records and insurance statements for any signs of fraudulent activity or claims that you did not authorize.
-
Remain vigilant against phishing attempts and other fraud schemes that may attempt to exploit your exposed personal information.
Even if you have not experienced any issues with your information, staying vigilant and proactive can help detect fraud early and mitigate potential risks.
File a Data Breach Lawsuit Against Apex Spine and Neurosurgery
If you received a notice that your personal, financial, or health information was involved in the Apex Spine and Neurosurgery data breach, you may have the right to pursue legal action.
Data breach lawsuits are designed to hold organizations accountable when they fail to adequately protect sensitive information. Compensation in these cases may include reimbursement for financial losses, time spent dealing with identity theft, credit monitoring costs, and other damages related to the breach.
You do not have to handle this situation alone. Learning about your legal rights can help you take appropriate action and seek compensation for any potential harm caused by the breach.
Contact us at Class Action U, where we will connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received a notification, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner, and no obligation after speaking with someone from our team.
