Dermatology Associates Data Breach: Protected Health Information of 63k People Exposed

On Aug. 4, 2025, Dermatology Associates, based in Louisville, Kentucky, discovered suspicious activity in its computer systems. An investigation, supported by third-party cybersecurity specialists, revealed that an unauthorized actor had accessed certain internal systems between June 4 and Aug. 5, 2025.

According to the data breach notice posted to the company's website, the information at risk includes both personally identifiable information (PII) and protected health information (PHI) including name, address, driver’s license number, date of birth, telephone number, physician name, billing and claims information, patient ID or account number, and health insurance information.

The breach was reported to the U.S. Dept. of Health and Human Services on Oct. 3, 2025, and updated on March 4, 2026. Additionally, the breach was disclosed to the Massachusetts Office of Consumer Affairs and Business Regulation and the New Hampshire Attorney General.

The breach potentially exposed sensitive information belonging to 63,657 total individuals, including at least three New Hampshire residents and five Massachusetts residents.

Dermatology Associates' response

Dermatology Associates is providing information and guidance to potentially impacted individuals through its website, a toll-free assistance line at 1-833-519-0382, and by notifying government regulators.

Individuals are encouraged to monitor their credit reports, account statements, and health insurance explanations of benefits for any unusual activity. Steps such as placing a fraud alert or credit freeze with the major credit bureaus are recommended precautionary measures.

The company’s notice includes detailed instructions and contact information for Equifax, Experian, and TransUnion, as well as guidance from the Federal Trade Commission on protecting against identity theft.