Mountain Laurel Dermatology Falls Victim to SAFEPAY Ransomware Attack

On May 12, 2025, Asheville-based Mountain Laurel Dermatology discovered a data breach that involved unauthorized access and exfiltration of both personally identifiable information (PII) and protected health information (PHI) belonging to patients.

The exposed data included names, Social Security numbers, check images, dates of birth, financial account information, and medical information such as medical treatment or diagnosis details. The variety of sensitive data compromised—especially Social Security numbers and medical records—raises the risk of identity theft and medical fraud for those affected.

An investigation by Claim Depot revealed an alleged ransomware attack carried out by a group known as SAFEPAY. This group claimed responsibility for the breach and posted about it on the dark web on June 23, 2025, stating they had obtained approximately 5 GB of the organization’s data. Their method involved encrypting and stealing sensitive files, which they then threatened to release unless a ransom was paid. It is unclear whether Mountain Laurel Dermatology paid the ransom demand.

The breach was formally disclosed to state authorities on July 11, 2025, and details about the incident can be found in the official data breach notice submitted to the Vermont Attorney General’s office. Additionally, Mountain Laurel Dermatology published information about the incident on their website’s consumer notice page.

Mountain Laurel Dermatology's response

After discovering the breach, Mountain Laurel Dermatology initiated an investigation and took steps to secure their systems. They have notified affected individuals and regulatory authorities in accordance with legal requirements.

Given the nature of the attack and the data exposed, those who may have been affected should take several precautionary steps:

• Monitor bank accounts and credit reports for suspicious activity
• Consider placing a fraud alert or credit freeze with major credit bureaus
• Be vigilant for phishing attempts or unsolicited communications referencing medical or financial information
• Review any correspondence from Mountain Laurel Dermatology for instructions on enrolling in identity theft protection or credit monitoring, if offered

More information about the clinic and its services can be found on the Mountain Laurel Dermatology website.