U.S. Dermatology Partners Data Breach Exposes Patients' Sensitive Info

On June 19, 2024, U.S. Dermatology Partners experienced a data breach involving unauthorized access to their network. According to the company’s official notice of data incident, an external party infiltrated the organization’s systems and transferred certain files to an external destination on the same day.

This incident was detected on the same day, prompting immediate action to secure the network and launch a comprehensive investigation with the help of external forensic experts.

The files accessed by the unauthorized party contained a range of sensitive information including names, dates of birth, medical record numbers, health insurance information, details about the dermatology services received, Social Security numbers and driver’s license numbers.

The investigation into the full scope of the breach was completed on April 2, 2025. Although the company has not disclosed the exact number of individuals affected, the scale of the organization suggests that a significant number of patients may have had their data compromised.

The severity of the breach is underscored by the involvement of the BlackBasta ransomware group, which claimed responsibility for the attack and threatened to publish the stolen data on the dark web. The group’s posting appeared on the Tor network on July 15, 2024, stating their intent to release the data within a week if their demands were not met.

U.S. Dermatology Partners's response

To support those affected, the company began mailing notification letters to impacted patients on May 30, 2025. Individuals whose Social Security numbers or driver’s license numbers were involved are being offered complimentary credit monitoring and identity protection services. U.S. Dermatology Partners has also established a dedicated, toll-free call center at 855-260-8481, available Monday through Friday from 8 a.m. to 8 p.m. Central Time, to answer questions and provide assistance.

Given the nature of the breach, patients are strongly encouraged to:

• Carefully review statements from their health insurer and report any unfamiliar services.
• Take advantage of the free credit monitoring and identity protection services if eligible.
• Remain vigilant for signs of identity theft or fraud, especially if their Social Security or driver’s license numbers were involved.

The company has also implemented additional security measures to further strengthen its information technology systems and safeguard patient data against future incidents.

For more information about their services and locations, visit the U.S. Dermatology Partners website.