QualDerm Partners Data Breach Affects More Than 3 Million Individuals
In late February, The HIPAA Journal reported on a QualDerm Partners data breach, the scale of which was currently unknown, except that it affected 174,837 Texas residents. The data breach was likely to have affected considerably more individuals, given that QualDerm Partners does business in 17 U.S. states and serves more than 15 million patients annually.
The scale of the data breach is now clearer, as the Oregon Attorney General and the HHS’ Office for Civil Rights have been notified that 3,117,874 individuals have been affected. Notification letters started to be mailed to those individuals on February 22, 2026.
February 25, 2026: QualDerm Partners Confirms Significant Data Breach
QualDerm Partners, LLC, a provider of healthcare management services to 158 dermatology and skin care practices in 17 U.S. states, has announced a security incident involving unauthorized access to its computer network. Unauthorized network activity was identified on December 24, 2025, and immediate action was taken to contain the incident and secure its network and computer systems. Third-party cybersecurity experts were engaged to conduct a forensic investigation to determine the nature and scope of the unauthorized activity. The investigation confirmed unauthorized access to its network between December 23 and December 24, 2025. During that time, files containing sensitive data were exfiltrated from its network.
The data review is ongoing to determine the individuals and types of information involved. So as not to unduly delay notifications, QualDerm Partners is mailing notification letters to the affected individuals on a rolling basis. Data compromised in the incident varies from individual to individual, and may include names, email addresses, dates of birth/death, doctor names, medical record numbers, diagnoses, treatment information, and health insurance information. A very small subset of individuals may also have had their government-issued identification information, such as driver’s license numbers, compromised in the incident.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
QualDerm Partners said it is reviewing its policies, procedures, and protocols related to data security, and while no misuse of patient data has been identified, the affected individuals have been offered complimentary credit monitoring and identity theft protection services. QualDerm Partners has yet to publicly confirm exactly how many individuals have been affected, and the incident is not yet shown on the HHS’ Office for Civil Rights breach portal. This does appear to be a significant data breach, as the Texas Attorney General has been informed that 174,837 Texas residents have been affected. Since QualDerm Partners works with dermatology practices in 17 U.S. states, the total number of affected individuals is likely to be considerably higher.
This post will be updated when further information becomes available.
