HEALTHCARE management services provider QualDerm Partners is notifying more than 3.1 million people that their personal, medical, and health insurance information was stolen in a December 2025 data breach. The incident was discovered on December 24 and involved unauthorized access to its network for two days, with attackers exfiltrating data from a limited number of systems.
QualDerm told the US Department of Health and Human Services that 3,117,874 people were impacted by the attack, and the breach was added to the HHS breach portal this week. The stolen information includes names, addresses, dates of birth, email addresses, medical record numbers, doctor names, treatment and diagnosis information, health insurance information, dates of death, and, in some cases, government-issued ID information.
The company is offering 12 months of free identity theft and credit monitoring services to the affected individuals. QualDerm is headquartered in Brentwood, Tennessee, and provides services to 158 practices in 17 states across cosmetics, dermatology, pathology, plastic surgery, and skin cancer care. According to the incident notification, the investigation into the breach is ongoing.