Over 3.1 million patients affected by major data breach at dermatology management firm QualDerm Partners

Key points

• Hackers gained unauthorized access to QualDerm Partners' internal systems between December 23 and December 24, 2025.
• The stolen data includes sensitive personal information such as names, dates of birth, medical records, diagnoses, and health insurance details.
• In some instances, government-issued identification, such as driver’s license numbers, was also compromised.
• QualDerm has contained the breach and is currently notifying the 3.1 million affected individuals.
• The company is offering one year of free identity theft and credit monitoring services to those impacted.

This incident highlights the ongoing vulnerability of healthcare management providers, whose centralized databases make them high-value targets for cybercriminals. Patients should remain vigilant by reviewing their medical billing statements and credit reports for any signs of fraudulent activity.