PhyNet Dermatology Data Breach Exposes PHI & PII

On Nov. 7, 2024, PhyNet Dermatology LLC discovered suspicious activity involving an employee’s email account. Upon investigation, it was determined that a limited number of email accounts had been compromised.

A detailed, months-long review of the affected email accounts was completed on June 6, 2025. This review identified that patient information belonging to Premier Dermatology Partners, an affiliate of PhyNet, was involved.

The breach exposed personally identifiable information (PII) such as full name, address, Social Security number, financial account information, and date of birth, as well as protected health information (PHI) like medical history, treatment and diagnosis information, treating physician, medical record number, and health insurance details.

The breach was officially reported to the Massachusetts Attorney General’s office, and the company has posted a public notice on its website.

PhyNet's response

After discovering the breach, PhyNet Dermatology secured its systems and began a thorough investigation. The company reviewed its existing security policies and procedures, implemented enhancements to administrative and technical controls, and provided additional security training to its staff. These steps were taken to reduce the likelihood of similar incidents in the future.

To support those affected, PhyNet is offering complimentary credit monitoring and identity protection services through Epiq’s Privacy Solutions ID. Impacted individuals will need to enroll themselves in these services, which include credit monitoring, credit report and score access, up to $1 million in identity theft insurance, ID restoration services, dark web monitoring, lost wallet assistance, and personal information protection.

Individuals seeking further information or assistance can contact the dedicated call center at 877-250-2771, Monday through Friday, 9 am to 9 pm ET, or write to PhyNet at 302 Innovation Drive #400, Franklin, TN 37067.