Millions possibly affected by data breach at dermatology giant QualDerm
QualDerm is notifying people about a data breach
- QualDerm cyberattack exposed sensitive healthcare and personal data of 3.1 million people
- Breach included names, medical records, insurance info, and government IDs
- No evidence of misuse yet; company reported incident to HHS and is notifying affected individuals
Dermatology management services giant QualDerm suffered a cyberattack in late 2025 which saw it lose sensitive personal and healthcare data on more than three million people.
The company is now notifying affected individuals by mail, noting in a breach notification letter that between December 23 and 24, 2025, a threat actor managed to access “a limited number of systems” and pull “certain information” stored within.
That data includes a combination of people’s names, email addresses, dates of birth, their doctor’s name, medical record numbers, diagnosis and treatment information, health insurance information, and government-issued ID numbers or driver’s license numbers. Not every individual lost all this information, though.
No attribution yet
This information is highly sensitive and can be used to devastating effect. For example, a threat actor can identify the contact information of a CEO at a large company and use a convincing phishing lure to gain access, drop ransomware, and demand payment. They can also extort people who are trying to keep their medical conditions private.
QualDerm also reported the breach to the US Department of Health and Human Services (HHS) Office for Civil Rights, whom it told that exactly 3,117,874 individuals were affected.
At the time of writing, there is no evidence of the data being abused in real-life attacks, and no threat actors have claimed responsibility for the breach yet. We also don’t know if the attackers reached out to QualDerm asking for a ransom in exchange for deleting the files. The company also did not say how the crooks broke in.
QualDerm provides administrative, financial, and IT services to affiliated skin care practices, serving dermatologists and clinics across 17 states, supporting over 150 practices and treating more than 120,000 patients monthly.
Via Cybernews
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.