Steve Alder writes:
Several dermatology practices have recently announced data breaches following an attack on their management company. The number of attacks reported this year by dermatology practices suggests they are being targeted by one or more threat actors.
In May 2025, DermCare Management, a Florida-based company that provides support services for dermatologists and dermatology specialists, notified the HHS’ Office for Civil Rights (OCR) about a network server hacking/IT incident, using a placeholder estimate of 501 affected individuals as the number of affected individuals had yet to be established. Several of the affected practices have now issued substitute breach notifications about the incident.
At least 10 of DermCare Management’s 60 facilities in multiple states have confirmed their patient data was involved in the breach, as HIPAA Journal reports:
- Miami Plastic Surgery, Florida
- Keys Dermatology, Florida
- Hollywood Dermatology, Florida
- Jacksonville Beach Dermatology, Florida
- Skin Center of South Miami, Florida
- Florida West Coast Skin Center, Florida
- Dania Dermatology, Florida
- Florida Academic Dermatology Center, Florida
- Rendon Center, Florida
- Dermatology Treatment and Research Center, Texas