Healthcare management firm QualDerm Partners has reported a significant data breach affecting the personal and medical information of over 3.1 million individuals. The breach occurred in December 2025, exposing sensitive details such as medical records and health insurance data.
Details of the Security Breach
QualDerm Partners identified the breach on December 24, 2025, when unauthorized access was detected on its network over a two-day period. The cyberattackers managed to extract data from a limited number of compromised systems, as confirmed by the company’s incident notification.
Among the stolen data were names, addresses, birth dates, email addresses, medical record numbers, healthcare provider names, treatment details, and in some instances, government-issued identification details. The company is continuing its investigation to fully understand the breach’s scope.
Company Response and Notifications
In the aftermath of the attack, QualDerm Partners enacted their response protocols, striving to limit further unauthorized activities. They evaluated their system security, informed law enforcement and regulatory bodies, and have begun notifying affected individuals.
The breach was officially reported to the US Department of Health and Human Services, impacting approximately 3,117,874 people. The incident has recently been recorded on the HHS breach portal.
Support and Future Outlook
To mitigate potential fallout for the affected individuals, QualDerm Partners is offering 12 months of complimentary identity theft protection and credit monitoring services. Based in Brentwood, Tennessee, the firm manages healthcare services in 158 practices across 17 states, encompassing areas like dermatology and plastic surgery.
This breach underscores the critical need for robust cybersecurity measures in the healthcare sector to protect sensitive personal information and maintain patient trust.
