Dermatology Associates Data Breach: Possible Exposure of SSNs & Health Information

On Nov. 18, 2025, Dermatology Associates of Concord ("DAC"), a practice serving the greater Boston area, disclosed a data breach. DAC identified suspicious activity within its computer network. An investigation revealed that unauthorized actor gained access to a specific system and copied certain files within DAC’s network from September 18, 2025 to September 19, 2025.

The types of consumer information exposed in this incident includes names, addresses, dates of birth, driver's licenses, passport numbers, military idenitifcation number, taxpayer identification number, financial account information, payment card information, medical records, Social Security numbers, medical information, and health insurance information.

On Nov. 6, 2025, the ANUBIS ransomware group posted on the dark web that they had obtained data from Dermatology Associates, including patient records, test results, sensitive photos, addresses, phone numbers, emails, 20,000 insurance policies, and employee information.

The company’s detailed review is ongoing, but it has confirmed that information related to at least 15 individuals in Massachusetts was impacted. The number of people affected is subject to change.

The breach was reported to the Massachusetts Attorney General’s office on Nov. 18, 2025, as well as the New Hampshire Attorney General and the Vermont Attorney General's office on Dec. 2, 2025.

The company is notifying impacted individuals by mail. Additionally, the company has posted a notice of the data incident on its website.

Dermatology Associates of Concord’s response

Upon discovery of the breach, Dermatology Associates of Concord engaged cybersecurity experts to investigate the incident and determine the full scope of the attack. The company took steps to secure its environment, conducted a comprehensive review of the affected files, and notified law enforcement.

To assist those affected, Dermatology Associates of Concord is offering complimentary single bureau credit monitoring through Cyberscout for all impacted individuals.

If you receive notification from Dermatology Associates of Concord about this breach, you may want to:

• Sign up for the free credit monitoring services, offered by the company.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

The company has provided a dedicated phone line at 1-800-405-6108 for questions and support, available Monday through Friday from 8 a.m. to 8 p.m. ET.