Millions possibly affected by data breach at dermatology giant QualDerm


Dermatology management services giant QualDerm suffered a cyberattack in late 2025 in which it lost sensitive personal and healthcare data on more than three million people.

The company is now notifying affected individuals by mail, noting in a breach notification letter that between December 23 and 24, 2025, a threat actor managed to access “a limited number of systems” and pull “certain information” stored within. That data includes a combination of people’s names, email addresses, dates of birth, medical record numbers, and diagnosis and treatment information.

Source: TechRadar News

