Major Data Breach at Anne Arundel Dermatology Affects 1.9 Million Individuals
Discover the details of the Anne Arundel Dermatology data breach, which exposed personal and health data of 1.9 million people over three months.
TL;DR
Anne Arundel Dermatology experienced a significant data breach between February and May 2025, potentially exposing the personal and health information of 1.9 million individuals. The organization has taken steps to secure its systems and is offering impacted individuals 24 months of identity protection services.
Major Data Breach at Anne Arundel Dermatology Affects 1.9 Million Individuals
Anne Arundel Dermatology, a prominent dermatology group based in Maryland, recently reported a data breach that compromised the personal and health information of approximately 1.9 million individuals. The breach, which occurred between February 14 and May 13, 2025, highlights the growing concerns surrounding cybersecurity in the healthcare sector.
Overview of Anne Arundel Dermatology
Anne Arundel Dermatology is a well-established dermatology provider with a significant presence in the Mid-Atlantic and Southeastern United States. Founded over 50 years ago, the group operates more than 100 clinics across seven states, employing over 275 clinicians. The practice offers a comprehensive range of services, including medical, surgical, pediatric, cosmetic, and dermatopathology care.
Details of the Data Breach
The data breach at Anne Arundel Dermatology involved unauthorized access to its systems, which remained undetected for nearly three months. Upon discovering the intrusion, the organization swiftly secured its systems and initiated an investigation. The review confirmed that certain data files, potentially containing personal and health information, were accessible to the intruder during this period.
On May 20, 2025, Anne Arundel Dermatology determined that the compromised files included personal or health information. The organization sent a data breach notification to impacted individuals, stating:
“From the review, we determined on June 27, 2025, that the personal or health information affected may include yours. While we do not know whether the third party actually viewed or exfiltrated your information, we are sending you this notice as a precaution and to encourage you to take steps to monitor your information. At this time, we are not aware of any misuse of or fraudulent activity relating to anyone’s personal or health information as a result of this incident.”
According to the US Department of Health and Human Services, the data breach impacted more than 1.9 million individuals.
Recommendations for Affected Individuals
Anne Arundel Dermatology urges impacted individuals to remain vigilant for incidents of fraud and identity theft. The organization recommends regularly monitoring account statements and credit reports. Additionally, Anne Arundel Dermatology is offering 24 months of identity protection services to those affected.
Current Status and Future Implications
At present, no ransomware group has claimed responsibility for the attack. This incident underscores the critical need for robust cybersecurity measures in the healthcare industry. Healthcare providers must prioritize data protection to safeguard sensitive patient information from potential threats.
Related Cybersecurity Incidents
This week, the Stormous ransomware group claimed responsibility for the theft of personal and health data belonging to 600,000 patients from North Country HealthCare. Such incidents emphasize the increasing frequency and severity of cyber attacks targeting healthcare providers.
Follow for More Updates
For the latest updates on cybersecurity news, follow Pierluigi Paganini on Twitter, Facebook, and Mastodon.
For more details, visit the full article: source
Conclusion
The data breach at Anne Arundel Dermatology serves as a stark reminder of the importance of cybersecurity in healthcare. As the frequency of such incidents continues to rise, healthcare providers must implement stringent security protocols to protect patient data. Stay informed and vigilant to mitigate the risks associated with data breaches.
Additional Resources
For further insights, check:
- US Department of Health and Human Services Breach Portal
- Stormous Ransomware Group
- Pierluigi Paganini on LinkedIn