Over 3.1M people affected as QualDerm Partners suffered a December 2025 breach, exposing personal, medical, and health insurance data.
Over 3.1 million people are affected by a December 2025 data breach at QualDerm Partners, where hackers stole personal, medical, and health insurance information from the company’s internal systems.
QualDerm Partners is a U.S.-based healthcare management services provider offering comprehensive administrative, clinical, and operational support to dermatology practices. The company helps manage patient records, billing, insurance processing, and other essential services to improve efficiency and care quality across its network of dermatology clinics.
The company discovered the security breach on December 24, 2025, and reported unauthorized access to some QualDerm systems, which led to the theft of patient data. The company contained the breach, and launched a forensic investigation into the incident. Stolen information varies by individual and may include names, DOB, doctor, medical records, treatments, diagnoses, health insurance details, and, in rare cases, government IDs like driver’s license numbers.
“On December 24, 2025, QualDerm detected unauthorized activity on certain systems within our network. We promptly took steps to contain the activity and launched an investigation, with the support of a third-party cybersecurity forensics firm.” reads the data breach notification published by the company. “This investigation determined an unauthorized actor gained access to a limited number of systems within our network between December 23, 2025, and December 24, 2025, and removed certain information stored within those systems.”
The healthcare provider is notifying potentially affected individuals and offering 12 months of free identity theft and credit monitoring services. While no misuse has been reported, people are urged to monitor account statements and Explanation of Benefits forms and report any suspicious activity to the relevant institutions.
According to US Department of Health and Human Services, the data breach impacted 3,117,874 people.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Citrix )
