
QualDerm Partners December 2025 data breach impacts over 3 Million people


Over 3.1M people affected as QualDerm Partners suffered a December 2025 breach, exposing personal, medical, and health insurance data.

Over 3.1 million people are affected by a December 2025 data breach at QualDerm Partners, where hackers stole personal, medical, and health insurance information from the company’s internal systems.

QualDerm Partners is a U.S.-based healthcare management services provider offering comprehensive administrative, clinical, and operational support to dermatology practices. The company helps manage patient records, billing, insurance processing, and other essential services to improve efficiency and care quality across its network of dermatology clinics.

The company discovered the security breach on December 24, 2025, and reported unauthorized access to some QualDerm systems, which led to the theft of patient data. The company contained the breach and launched a forensic investigation into the incident. Stolen information varies by individual and may include names, dates of birth, doctor, medical records, treatments, diagnoses, health insurance details, and, in rare cases, government IDs like driver’s license numbers.

“On December 24, 2025, QualDerm detected unauthorized activity on certain systems within our network. We promptly took steps to contain the activity and launched an investigation, with the support of a third-party cybersecurity forensics firm,” reads the data breach notification published by the company. “This investigation determined an unauthorized actor gained access to a limited number of systems within our network between December 23, 2025, and December 24, 2025, and removed certain information stored within those systems.”

The healthcare provider is notifying potentially affected individuals and offering 12 months of free identity theft and credit monitoring services. While no misuse has been reported, people are urged to monitor account statements and Explanation of Benefits forms and report any suspicious activity to the relevant institutions.

According to the US Department of Health and Human Services, the data breach impacted 3,117,874 people.


Pierluigi Paganini

(SecurityAffairs – hacking, Citrix )