- QualDerm cyberattack exposed sensitive personal and health data of 3.1 million people
- The breach included names, medical records, insurance information and government IDs.
- There is no evidence of misuse yet; The company reported the incident to HHS and is notifying affected individuals.
Dermatology management services giant QualDerm suffered a cyberattack in late 2025 in which it lost sensitive personal and health data of more than three million people.
The company is now notifying affected individuals by mail, noting in a breach notification letter that between December 23 and 24, 2025, a threat actor managed to access “a limited number of systems” and extract “certain information” stored on them.
That data includes a combination of people’s names, email addresses, dates of birth, their doctor’s name, medical record numbers, diagnosis and treatment information, health insurance information, and government-issued identification numbers or driver’s license numbers. However, not all individuals lost all of this information.
Article continues below.
No attribution yet
This information is very sensitive and can be used with devastating effects. For example, a threat actor may identify the contact information of a CEO of a large company and use a convincing phishing lure to gain access, remove ransomware, and demand payment. They can also extort money from people who try to keep their medical conditions private.
QualDerm also reported the breach to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights, telling it that exactly 3,117,874 people were affected.
As of this writing, there is no evidence that data has been abused in real-life attacks, and no threat actors have claimed responsibility for the breach at this time. We also don’t know if the attackers approached QualDerm asking for a ransom in exchange for deleting the files. The company also did not say how the criminals entered.
QualDerm provides administrative, financial and IT services to affiliated skin care practices, serving dermatologists and clinics in 17 states, supporting more than 150 practices, and treating more than 120,000 patients monthly.
Through cyber news
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
