New Age Dermatology Data Breach Exposes 8,387 Patients

New Age Dermatology LLC, a dermatology practice based in Apex, North Carolina, disclosed a data breach that affected 8,387 individuals in the United States.

The breach was reported to the Massachusetts Office of Consumer Affairs and Business Regulation on Feb. 19, 2026, with 29 Massachusetts residents identified as affected.

It was also reported to the Indiana Attorney General on Feb. 23, 2026, with four Indiana residents identified as affected.

What happened in the New Age Dermatology data breach

On or about Dec. 30, 2025, New Age Dermatology identified a cybersecurity incident involving ransomware that affected the practice's internal server, according to the company's notification to consumers. Upon discovery, the practice took steps to secure its systems and engaged cybersecurity professionals to investigate the incident.

The affected server became inoperable and inaccessible as a result of the attack. Because of this, the investigation had not yet determined what specific information may have been involved for each individual at the time notifications were sent. However, the company stated there was no evidence that its electronic health record system was compromised.

The types of personally identifiable information (PII) and protected health information (PHI) potentially exposed included names, dates of birth, Social Security numbers, medical or treatment information, diagnostic images and photographs.

New Age Dermatology's response to the breach

New Age Dermatology is offering affected individuals 12 months of free identity theft protection services through IDX, a data breach and recovery services provider. The services include credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy and fully managed identity theft recovery services.

If an affected individual's identity is compromised, IDX representatives will help resolve the issues.

Affected individuals can enroll by calling the toll-free number provided in their notification letter, visiting the IDX enrollment website listed in the letter or scanning the QR code included with the letter.

Each individual received a unique enrollment code printed at the top of their notification.

IDX representatives are available Monday through Friday from 9 a.m. to 9 p.m. Eastern Time. The notification letter also includes a deadline by which individuals must enroll.

Steps to take if your information was exposed

• Place a fraud alert or credit freeze with Equifax (1-866-349-5191), Experian (1-888-397-3742) or TransUnion (1-800-680-7289), as contacting one bureau will notify the other two.
• Request free credit reports at AnnualCreditReport.com and review them for any unfamiliar accounts or inquiries.
• Monitor health insurance statements for any medical services, prescriptions or equipment not actually received, since exposed medical information could be used for medical identity fraud.
• Watch for phishing attempts that reference New Age Dermatology or this data breach by name, as scammers often try to exploit breach notifications through fake emails, calls or letters.
• Report suspected identity theft to local law enforcement or the Federal Trade Commission at 1-877-438-4338 if any signs of fraud are discovered.