Cyber attack on QualDerm Partners exposes personal information of millions

News21 May 2026

Tennessee-based QualDerm Partners said that a data security incident it suffered last year compromised the sensitive personal information of more than 3.1 million individuals.

QualDerm Partners is a U.S.-based healthcare company that supports dermatology practices by providing administrative and operational services, helping physicians deliver medical, cosmetic, and surgical skin care services.

In a data security incident notice published on its website, QualDerm said that on December 24, it identified unusual activity in its internal network. The healthcare management company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

“This investigation determined an unauthorised actor gained access to a limited number of systems within our network between December 23, 2025, and December 24, 2025, and removed certain information stored within those systems,” QualDerm said.

The compromised information included patient names, dates of birth, doctor names, medical record numbers, dates of death, email addresses, treatment information, diagnosis information, health insurance information and driver’s license numbers. In a filing with the U.S. Department of Health and Human Services Office for Civil Rights, QualDerm said it has identified at least 3,117,874 individuals who were impacted by the data breach.

“Upon learning of this incident, we moved quickly to investigate and respond to the incident, assess the security of our systems, and notify those impacted by this event. We also provided notice to federal law enforcement and required regulatory agencies. As part of our ongoing commitment to the privacy of personal information in our care, we are reviewing our existing policies and procedures regarding information security, as well,” QualDerm added.

The healthcare management company has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. It has also offered complimentary identity protection and credit monitoring services to all affected individuals.

At the time of publishing, no known hacker group has claimed responsibility for the cyber attack on QualDerm. The healthcare management service provider also did not share details on who was behind the attack, how much data was compromised, or whether it had received a ransom demand.