173/69 Thursday, March 26, 2026
QualDerm Partners, a U.S.-based provider of dermatology clinic management services, has disclosed a data breach that occurred in December 2025, affecting more than 3.1 million individuals. The incident involved unauthorized access to the company’s internal systems, allowing attackers to exfiltrate sensitive data. QualDerm supports multiple dermatology clinics by providing administrative, clinical, and operational services, including patient data management, billing, and insurance processing.
The company detected suspicious activity on December 24, 2025, and confirmed that unauthorized access occurred between December 23–24, 2025. Following detection, QualDerm took steps to contain the incident and initiated an investigation with the assistance of cybersecurity experts. The types of data exposed vary by individual but may include full names, dates of birth, treating physicians, medical histories, diagnoses, health insurance information, and in some cases, government-issued identification such as driver’s license numbers.
QualDerm is currently notifying affected individuals and offering 12 months of credit monitoring and identity protection services. Although there is no evidence so far that the compromised data has been misused, affected individuals are advised to closely monitor their accounts, insurance claims, and Explanation of Benefits (EOB) statements for any suspicious activity, and report any anomalies to relevant authorities. According to the U.S. Department of Health and Human Services, the total number of individuals impacted by this breach is 3,117,874.