- QualDerm cyberattack exposed sensitive health and personal data of 3.1 million people
- The breach included names, medical records, insurance information and government IDs
- No evidence of misuse yet; the company has reported the incident to HHS and is notifying affected individuals
Dermatology management services giant QualDerm suffered a cyberattack in late 2025 that caused it to lose sensitive personal and health data on more than three million people.
The company is now notifying affected individuals by mail, noting in a breach notification letter that between December 23 and 24, 2025, a malicious actor managed to access “a limited number of systems” and extract “certain information” stored there.
This data includes a combination of individuals’ names, email addresses, dates of birth, their doctor’s name, medical record numbers, diagnosis and treatment information, health insurance information, and government-issued identification numbers or driver’s license numbers. However, not all individuals have lost all this information.
Article continues below
No attribution yet
This information is very sensitive and can be used for devastating purposes. For example, a malicious actor might identify the contact details of a CEO at a large company and use a convincing phishing lure to gain access, drop ransomware, and demand payment. They can also extort people who try to keep their health issues private.
QualDerm also reported the breach to the U.S. Department of Health and Human Services (HHS) Office of Civil Rights, where it indicated that exactly 3,117,874 people were affected.
As of this writing, there is no evidence of data misuse in actual attacks, and no malicious actors have yet claimed responsibility for the breach. We also don’t know if the attackers contacted QualDerm to demand a ransom in exchange for deleting the files. The company also didn’t say how the scammers broke in.
QualDerm provides administrative, financial and IT services to affiliated skin care practices, serving dermatologists and clinics in 17 states, supporting more than 150 practices and treating more than 120,000 patients per month.
Via Cybernews
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
