Millions possibly affected by data breach at dermatology giant QualDerm
- QualDerm cyberattack exposed sensitive healthcare and personal data of 3.1 million people
- Breach included names, medical records, insurance info, and government IDs
- No evidence of misuse yet; company reported incident to HHS and is notifying affected individuals
Dermatology management services giant QualDerm suffered a cyberattack in late 2025 which saw it lose sensitive personal and healthcare data on more than three million people.
The company is now notifying affected individuals by mail, noting in a breach notification letter that between December 23 and 24, 2025, a threat actor managed to access “a limited number of systems” and pull “certain information” stored within.
That data includes a combination of people’s names, email addresses, dates of birth, their doctor’s name, medical record numbers, diagnosis and treatment information, health insurance information, and government-issued ID numbers or driver’s license numbers. Not every individual lost all this information, though.
Article continues below
No attribution yet
This information is highly sensitive and can be used for devastating effect. For example, a threat actor can identify contact information of a CEO in a large company, and use a convincing phishing lure to gain access, drop ransomware, and demand payment. They can also extort people who are trying to keep their medical conditions private.
QualDerm also reported the breach to the US Department of Health and Human Services (HHS) Office for Civil Rights, whom it told that exactly 3,117,874 individuals were affected.
At the moment of writing, there is no evidence of the data being abused in real-life attacks, and no threat actors have claimed responsibility for the breach just yet. We also don’t know if the attackers reached out to QualDerm asking for ransom in exchange for deleting the files. The company also did not say how the crooks broke in.
QualDerm provides administrative, financial, and IT services to affiliated skin care practices, serving dermatologists and clinics across 17 states, supporting over 150 practices and treating more than 120,000 patients monthly.
Via Cybernews
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
QualDerm cyberattack exposed sensitive healthcare and personal data of 3.1 million people Breach included names, medical records, insurance info, and government IDs No evidence of misuse yet; company reported incident to HHS and is notifying affected individuals Dermatology management services giant QualDerm suffered a cyberattack in late 2025 which saw…
