Dermatology services giant operating in 17 states exposes data of 3.1 million - QualDerm #23162
Description
https://cybernews.com/security/qualderm-data-breach-3-1-million-17-states/
"The operations, finance, and IT services provider, which began sending out breach notification letters to patients this week, said it first became aware of the intrusion on December 24th, 2025.
With the help of outside cybersecurity specialists, investigators determined that “an unauthorized actor accessed a limited number of systems between December 23rd and December 24th, 2025, and removed certain information stored within those systems.” QualDerm said.
The breach was also reported to the US Department of Health and Human Services (HHS) Office for Civil Rights on February 22nd, as required by federal healthcare data-breach reporting rules.
In total, data on 3,117,874 individuals was compromised in the IT hacking incident, the HHS portal shows.
Together with Pinnacle Dermatology, the national skin care and aesthetics wellness brand, supports more than 158 practices and 350 dermatology providers, serving an average of 120,000 patients per month, according to its website.
QualDerm locations span 17 states across the Northeast, South, and Midwest, including Arizona, Illinois, Ohio, Tennessee, North Carolina, Pennsylvania, Michigan, Minnesota, New Jersey, and both Virginia and West Virginia.
The company says the data affected varies by individual but may include:
Patient name
Email address
Date of birth/date of death
Doctor name
Medical record number
Diagnosis and treatment information
Health insurance information
Government-issued identification information, such as a driver’s license number
The company did not mention whether the personally identifiable information of doctors or medical staff was also exposed in the breach, nor did it say how the attackers were able to breach its systems."
naics 62