- QualDerm cyber attack exposed sensitive health and personal data of 3.1 million people
- The breach included names, medical records, insurance information and public IDs
- No evidence of abuse yet; The company reported the incident to HHS and is notifying affected individuals
Dermatology management services giant QualDerm suffered a cyberattack in late 2025, losing sensitive personal and health data on more than three million people.
The company is now notifying affected individuals via email and notes in a breach letter that between December 23 and 24, 2025, a threat actor managed to gain access to “a limited number of systems” and extract “certain information” stored therein.
This data includes a combination of individuals’ names, email addresses, dates of birth, their doctor’s name, medical record numbers, diagnosis and treatment information, health insurance information, and government-issued ID numbers or driver’s license numbers. However, not all individuals lost all of this information.
The article continues below
No attribution yet
This information is very sensitive and can be used to destructive effect. For example, a threat actor could identify the contact information of a CEO of a large company and use a convincing phishing lure to gain access, drop the ransomware, and demand payment. They can also extort people who try to keep their medical conditions private.
QualDerm also reported the breach to the US Department of Health and Human Services (HHS) Office for Civil Rights, which it said exactly 3,117,874 people were affected.
At the time of writing, there is no evidence that data has been misused in real attacks, and no threat actors have claimed responsibility for the breach yet. We also don’t know if the attackers reached out to QualDerm and asked for a ransom in exchange for deleting the files. The company also did not say how the crooks broke in.
QualDerm provides administrative, financial and IT services to affiliated skin care practices, serving dermatologists and clinics across 17 states, supporting over 150 practices and treating more than 120,000 patients each month.
Via Cyber news
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
