QualDerm Partners, LLC Data Breach

QualDerm Partners, LLC (“QualDerm”) has announced a data privacy event involving unauthorized access to certain systems within its network. According to the notice, QualDerm detected malicious activity on December 24, 2025, and an investigation confirmed that an unauthorized actor accessed and removed information from specific systems between December 23–24, 2025.

Upon discovering the incident, QualDerm immediately contained the activity and engaged a third‑party cybersecurity forensics firm to assist with the investigation. The company then initiated a comprehensive review of affected data to determine what information was accessed and which patients were involved. While the detailed analysis is ongoing, QualDerm has begun notifying patients identified so far.

QualDerm Partners is a major, Nashville-based skin and aesthetics wellness company supporting 158+ practices across 17 states. They offer comprehensive dermatology, Mohs surgery, pathology, and cosmetic services. The company provides partnership models for dermatologists, including business management, HR, and marketing support.

The impacted data includes information belonging to current and former QualDerm patients stored within the affected systems at the time of the unauthorized access. QualDerm has reported the incident to federal law enforcement and regulatory authorities, enhanced its internal security protocols, and is reviewing existing safeguards to prevent similar incidents in the future. 

If you received a Data Breach Notification Letter from QualDerm, it confirms that your personal and/or health information may have been accessed and acquired by an unauthorized party.

What information is involved in the QualDerm Partners, LLC Data Breach?

Compromised information may include:

Your Personally Identifiable Information (PII) generally includes data such as names, addresses, account details, and other information that can be exploited by unauthorized actors. Even without confirmed misuse, exposure of this type of information increases risks of fraud, phishing attempts, or unauthorized account activity.

If Protected Health Information (PHI) was involved, this may include data protected by HIPAA and state privacy laws. Exposure of PHI elevates risks of medical‑related fraud, insurance misuse, or unauthorized access to health‑related services.

While QualDerm states it is unaware of any attempted or actual misuse of information, exposed PII and PHI—especially diagnosis, treatment, and insurance data—can increase risks of fraud, privacy intrusion, and improper use of medical records.

Individuals affected are encouraged to monitor Explanation of Benefits forms, medical statements, and account activity for any signs of unusual or unauthorized activity.

Residents of California benefit from enhanced privacy protections under the California Consumer Privacy Act (CCPA), which provides additional rights regarding the collection, storage, and protection of personal information. California residents may also have additional legal remedies when personal data is compromised in a breach.

QualDerm is offering complimentary credit monitoring and identity protection services to potentially impacted individuals and encourages careful review of financial and medical account records.

Contact the Data Breach Attorneys at Emery | Reddy today for a Free Case Review.