25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Data Breaches Announced by DermCare Management; Option Care Health; Aetna

Posted By on Apr 13, 2026

Data breaches have recently been announced by DermCare Management in Florida, Option Care Health in New York, and Aetna in Connecticut.

DermCare Management Discloses 2025 Hacking Incident

DermCare Management, a Florida-based provider of practice management services to dermatology practices in Florida, Texas, California, and Virginia, has identified unauthorized access to its computer systems. Suspicious activity was identified within its computer network on February 26, 2025, and, assisted by third-party digital forensics specialists, DermCare Management determined on March 3, 2025, that there had been unauthorized network access between February 14, 2025, and February 26, 2025. During that time, patient information was either accessed or acquired.

DermCare Management engaged data review specialists to determine the individuals affected and the types of data involved. Due to the complexity of the data, it took until March 2, 2026, to identify the individuals affected, the types of data involved, and obtain sufficient information to issue individual notification letters. DermCare Management confirmed that the information exposed or acquired in the incident included names, Social Security numbers, driver’s license numbers, credit and debit card information, financial account information, and medical information.

The affected individuals have been notified by mail and offered complimentary credit monitoring and identity restoration services. Regulators have been notified about the incident; however, the incident has yet to be added to the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected. DermCare Management operates more than 70 clinics, although not all were affected. The clinics currently known to have been affected are listed below.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

  • Berman Skin Institute, California
  • Dania Dermatology, Florida
  • Dermatology Treatment and Research Center, Texas
  • Florida Academic Dermatology Center, Florida
  • Hillcrest Plastic Surgery & Dermatology, Florida
  • Hollywood Dermatology, Florida
  • Keys Dermatology, Florida
  • Miami Plastic Surgery, Florida
  • Rendon Center for Dermatology & Aesthetic Medicine, Florida
  • Skin & Beauty Center, California
  • Skin Center of South Miami, Florida

Aetna Notifies 11,663 Individuals About Third-Party Mailing Error

The Hartford, CT-based health insurance provider Aetna recently disclosed two data breaches to the HHS’ Office for Civil Rights affecting 10,888 and 775 individuals. Both incidents were unauthorized access/disclosure incidents and occurred in 2025. There was no unauthorized access to its network or computer systems, as both incidents involved mailing errors involving a third-party vendor.

Aetna’s parent company, CVS Health, issued a statement confirming that the information disclosed as a result of the mailing error was minimal. The error occurred on mailings sent on behalf of two health plans and involved letters sent to a plan member that may have inadvertently included the name of another individual who was not a member of their health plan. Aetna has implemented additional measures to prevent similar incidents in the future, and while only minimal data was impermissibly disclosed, the affected individuals have been offered complimentary credit monitoring and identity theft protection services.

Option Care Health Identifies Unauthorized Email Access

Option Care Health, Inc., a Ridgewood, NY-based provider of home infusion services, has identified unauthorized access to an employee’s email account. The unauthorized access was detected on or around February 9, 2026, and the forensic investigation confirmed unauthorized access to the account between February 6, 2026, and February 9, 2026. The account was reviewed, and on February 26, 2026, Option Care Health confirmed that the information exposed in the incident included names, dates of birth, medical record numbers, and treatment information. Option Care Health has reviewed its technical security measures and has taken steps to prevent similar incidents in the future. The incident has been reported to regulators, but it is currently unclear how many individuals have been affected.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist