Ann Arbor Dermatology Data Breach Impacts 1.9 Million People
A shocking data breach has affected over 1.9 million individuals, leaving many worried about the potential exposure of their personal and health information. Anne Arundel Dermatology (AAD), a physician-owned and managed dermatology group based in Maryland, fell victim to a three-month hacking incident.
Founded over 50 years ago, AAD is one of the largest dermatology providers in the Mid-Atlantic and Southeastern United States, operating more than 100 clinics across seven states with over 275 clinicians. The practice offers a comprehensive range of services, including medical, surgical, pediatric, cosmetic, and dermatopathology care.
The data breach was detected after AAD's systems were breached for three months, between February 14 and May 13, 2025. Following the incident, the organization quickly secured its systems and launched an investigation into the breach. The review revealed that certain data files were accessible to the intruder during this period.
On May 20, 2025, AAD determined that some of the compromised files contained personal or health information. After further analysis, it was confirmed that the personal or health information affected may include individuals. "From the review, we determined on June 27, 2025, that the personal or health information affected may include your," reads the data breach notification sent to impacted individuals.
"While we do not know whether the third party actually viewed or exfiltrated your information, we are sending you this notice as a precaution and to encourage you to take steps to monitor your information. At this time, we are not aware of any misuse of or fraudulent activity relating to anyone's personal or health information as a result of this incident," stated AAD.
According to the US Department of Health and Human Services, the Anne Arundel Dermatology data breach impacted over 1.9 million individuals. Customers are advised to remain vigilant for incidents of fraud and identity theft. The organization recommends regularly reviewing account statements and monitoring free credit reports.
AAD offers impacted individuals 24 months of identity protection services as a precautionary measure. Unfortunately, no known ransomware group has claimed responsibility for the attack at this time. However, this week saw another high-profile data breach, with Stormous ransomware group claiming the theft of personal and health data belonging to 600,000 patients from health provider North Country HealthCare.
Stay informed about the latest cybersecurity threats and trends by following me on Twitter (@securityaffairs), Facebook, and Mastodon (SecurityAffairs – hacking, Anne Arundel Dermatology).
What You Can Do to Protect Yourself:
- Regularly review account statements and monitor free credit reports.
- Set up alerts for suspicious transactions or activity on your accounts.
- Consider using identity theft protection services, such as AAD's 24-month offer.
- Stay vigilant for incidents of fraud and identity theft.
Stay Up-to-Date:
For the latest news and updates on data breaches and cybersecurity threats, follow me on Twitter (@securityaffairs), Facebook, and Mastodon (SecurityAffairs – hacking, Anne Arundel Dermatology).
Don't miss out on essential tips and advice on how to protect yourself from cyber threats. Subscribe to our newsletter for regular updates and insights.