DOCS Dermatology Group; Center for Neuropsychology and Learning Disclose Data Breaches
Central States Dermatology Services (DOCS Dermatology Group) in Ohio and The Center for Neuropsychology and Learning in Michigan have identified unauthorized access to patient data.
Central States Dermatology Services, Ohio
Central States Dermatology Services, LLC, doing business as DOCS Dermatology Group (DOCS), has disclosed a security incident that was identified on November 27, 2025. Suspicious activity was identified within its network, and, assisted by third-party cybersecurity experts, DOCS determined that an unauthorized third party had access to its network from November 19, 2025, to November 27, 2025.
The data review is ongoing, so the number of affected individuals had yet to be confirmed; however, DOCS has determined that the data compromised in the incident includes names in combination with one or more of the following: address, email address, phone number, date of birth, Social Security number, treatment/diagnosis information, prescription/medication information, dates of service, provider name, medical record number, patient account number, Medicare/Medicaid ID number, health insurance information, and/or medical billing/claims information. DOCS is reviewing its policies and procedures related to data security and has engaged cybersecurity experts to review its security measures and make enhancements to strengthen security. At the time of the announcement, DOCS had not identified any misuse of the affected information.
The Center for Neuropsychology and Learning, Michigan
The Center for Neuropsychology and Learning in Ann Arbor, Michigan, has discovered that a malicious cyber actor accessed a server containing the sensitive data of 3,722 of its clients. The unauthorized access was detected on November 10, 2025, and the forensic investigation confirmed that the server was accessed at some point between October 14 and October 31, 2025.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The server was analyzed and found to contain protected health information such as names, dates of birth, contact information, service type(s), and or test reports. Highly sensitive information, such as Social Security numbers, financial information, and therapy notes, was not stored on the server. The Center for Neuropsychology and Learning has confirmed that the threat has been fully mitigated, and notifications have been mailed to the affected individuals, who have been offered 12 months of complimentary credit monitoring and identity theft protection services as a precaution.
