Dermatology Associates Data Breach Exposes Protected Health Information

On Aug. 4, 2025, Dermatology Associates, based in Louisville, Kentucky, discovered suspicious activity in its computer systems. An investigation, supported by third-party cybersecurity specialists, revealed that an unauthorized actor had accessed certain internal systems between June 4 and Aug. 5, 2025.

According to the data breach notice posted to the company's website, the information at risk includes both personally identifiable information (PII) and protected health information (PHI) including name, address, driver’s license number, date of birth, telephone number, physician name, billing and claims information, patient ID or account number, and health insurance information.

The breach potentially exposed sensitive information belonging to 501 individuals in the United States.

The breach was reported to the U.S. Dept. of Health and Human Services on Oct. 3, 2025, with a placeholder number of 501 people affected.

Dermatology Associates's response

After detecting the breach, Dermatology Associates quickly launched an internal investigation and brought in cybersecurity experts to determine the scope and impact of the incident. The practice is currently reviewing the affected data to identify which individuals were impacted and what information was involved. Once this process is complete, written notifications will be mailed directly to those affected.

In the meantime, the company is providing information and guidance to potentially impacted individuals through its website, a toll-free assistance line at 1-833-519-0382, and by notifying government regulators. Dermatology Associates is also reviewing and strengthening its administrative and technical safeguards to help prevent similar incidents in the future.

Given the nature of the breach, individuals are encouraged to monitor their credit reports, account statements, and health insurance explanations of benefits for any unusual activity. Steps such as placing a fraud alert or credit freeze with the major credit bureaus are recommended precautionary measures. The company’s notice includes detailed instructions and contact information for Equifax, Experian, and TransUnion, as well as guidance from the Federal Trade Commission on protecting against identity theft.