Brevard Skin Data Breach Exposes Data of 55K Patients & Employees

On Oct. 14, 2025, Brevard Skin and Cancer Center, a leading dermatology practice in Brevard County, Florida, discovered a significant data breach involving both patient and employee information of at least 55,500 individuals. The severity of this breach is heightened by the nature of the stolen data, which includes both personally identifiable information (PII) and protected health information (PHI).

The incident was traced back to unauthorized access that began around Sept. 28, 2025. The breach was the result of a ransomware attack carried out by the PEAR group, which claimed responsibility on a dark web posting dated Oct. 10, 2025. According to the threat actor, approximately 1.8 terabytes of data were exfiltrated, including financials, HR records, partner and vendor data, numerous patient PII and PHI records, payment details, mailboxes, email correspondence and database exports.

For current and former patients, the compromised data may include full names, dates of birth, home addresses, Social Security numbers, phone numbers, diagnosis and clinical information, email addresses and billing and claims details. For current and former employees, the exposed data may include full names, dates of birth, home addresses, Social Security numbers, phone numbers, health conditions included in FMLA forms and email addresses.

The company has posted a notice of data event on its website, notified impacted individuals by mail as well as disclosed the data breach to the Massachusetts, Vermont and Maine Attorney Generals' offices.

Brevard Skin and Cancer Center's response

Upon discovering the breach, Brevard Skin and Cancer Center immediately engaged cybersecurity experts to contain the incident and began a thorough investigation into the scope and impact. The organization took steps to secure its electronic environment, reported the incident to the FBI and began notifying affected individuals as required by law.

The company is also reviewing and enhancing its privacy and security policies and procedures to prevent future incidents. For those potentially affected, Brevard Skin and Cancer Center is offering 24 months of complimentary credit monitoring and identity protection services through IDX.

If you receive notification from Brevard Skin And Cancer Center or your provider about this breach, you may want to:

• Sign up for the free IDX identity theft protection services, offered by Brevard Skin And Cancer Center.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

Those with questions or who wish to enroll in the free identity protection service can call IDX at 833-779-4803, Monday through Friday from 9 a.m. to 9 p.m. ET. The deadline to enroll is Feb. 13, 2026.