Data breach at Dermatologists of Birmingham exposes personal information of over 80,000 patients

Dermatologists of Birmingham said a data security incident it suffered earlier this year compromised the sensitive personal information of more than 80,000 individuals.

 

Shelby Dermatology, doing business as Dermatologists of Birmingham, operates two skin care clinics in Birmingham and Alabaster, Alabama.

 

In a data security incident notice published on its website, Dermatologists of Birmingham said that on March 7, it identified suspicious activity within its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“Dermatologists of Birmingham then began a comprehensive review of the data set to determine what sensitive and/or personal information was impacted and to whom it related. On May 15, 2025, Dermatologists of Birmingham finished its review of the impacted information,” reads the notice.

 

The compromised data included names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers, medical diagnosis, treatment information, and health insurance information.

 

The incident was reported to the U.S. Department of Health and Human Service Office for Civil Rights where Dermatologists of Birmingham said it has identified at least 86,414 individuals impacted by the incident.

 

“Dermatologists of Birmingham is committed to ensuring the security and privacy of all personal information in its control. Upon discovery of the Event, Dermatologists of Birmingham moved promptly to investigate and respond to the Event. Specifically, Dermatologists of Birmingham informed its law firm and began identifying the affected individuals in preparation for notice,” the Alabama skin care practice added.

 

Dermatologists of Birmingham have advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through TransUnion to all affected individuals.

 

 

In April, the Qilin ransomware group claimed responsibility for the cyber attack on Dermatologists of Birmingham and listed it as a victim on its data leak site. The group claimed to have exfiltrated 141 GB of data and threatened to release it publicly unless their ransom demands were met.