Data breach at Skin care service QualDerm compromised over 3.1 million patients' health data

U.S.-based dermatology services provider QualDerm Partners said it suffered a major data breach in December that compromised the personal and sensitive healthcare information of more than 3 million patients. 

 

The healthcare company, that offers dermatology, skin cancer care, cosmetics, plastic surgery and pathology services to 158 dermatology and skin care practices in 17 U.S. states, recently announced that it experienced unauthorised access to some of its internal systems that enabled a third party to steal the sensitive personal and healthcare information of patients.

 

The company said in a data breach incident notice on its website that the unauthorised access occurred between December 23 and December 24, 2025 and malicious actors used their access to steal patients’ names, dates of birth, names of doctors, medical record numbers, dates of death (if applicable), email addresses, treatment information, diagnosis and health insurance information, and government-issued identification information.

 

"Upon learning of this incident, we moved quickly to investigate and respond to the incident, assess the security of our systems, and notify those impacted by this event," QualDerm Partners said. "We also provided notice to federal law enforcement and required regulatory agencies. As part of our ongoing commitment to the privacy of personal information in our care, we are reviewing our existing policies and procedures regarding information security, as well."

 

The firm said that even though it is unaware of any misuse of the stolen information, it is offering  potentially impacted individuals with access to complimentary credit monitoring and identity protection services out of an abundance of caution.

 

QualDerm Partners recently notified the Oregon Department of Justice that the data security incident compromised the personal and sensitive healthcare information of 3,117,874 patients. The total number of affected patients also included 174,837 Texas residents based on the firm’s breach reporting to the Texas attorney general.

 

According to QualDerm, the firm’s internal investigation into the data security incident is currently ongoing, incidating that the declared number of affected patients could rise once the investigation is completed.