Dermatology Associates of Concord

Dermatology Associates of Concord, a Massachusetts-based dermatology practice with locations in Concord, Cambridge, and Waltham, suffered a data breach in September 2025. An unauthorized actor infiltrated their systems between September 18–19, 2025, copying sensitive files. The breach exposed personally identifiable information (PII) of at least 15 individuals, including names, addresses, phone numbers, dates of birth, Social Security numbers, medical records, and health insurance details. The incident was reported to the Massachusetts Attorney General’s Office on November 18, 2025. Affected individuals face risks of identity theft, financial fraud, and emotional distress, with potential eligibility for compensation through legal action. The practice offered free identity theft protection services (IDX) to mitigate harm, but the long-term consequences of exposed medical and financial data remain a critical concern. The investigation remains ongoing, suggesting the scope of the breach may expand.

Source: https://www.claimdepot.com/investigations/dermatology-associates-data-breach-2025

APDerm cybersecurity rating report: https://www.rankiteo.com/company/apderm

"id": "APD4192841112025",
"linkid": "apderm",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'At least 15 individuals '
                                              '(potentially more under '
                                              'investigation)',
                        'industry': 'Healthcare (Dermatology)',
                        'location': ['Concord, Massachusetts',
                                     'Cambridge, Massachusetts',
                                     'Waltham, Massachusetts'],
                        'name': 'Dermatology Associates of Concord',
                        'type': 'Medical Practice'}],
 'customer_advisories': ['Free identity theft protection services (IDX) '
                         'offered.',
                         'Guidance on monitoring accounts, fraud alerts, and '
                         'credit reports.',
                         'Legal options for compensation (e.g., out-of-pocket '
                         'expenses, emotional distress).'],
 'data_breach': {'data_exfiltration': 'Yes (files copied from the network)',
                 'number_of_records_exposed': 'At least 15 (investigation '
                                              'ongoing)',
                 'personally_identifiable_information': ['Name',
                                                         'Address',
                                                         'Phone number',
                                                         'Date of birth',
                                                         'Social Security '
                                                         'number',
                                                         'Medical information',
                                                         'Health insurance '
                                                         'information'],
                 'sensitivity_of_data': 'High (includes SSN, medical, and '
                                        'health insurance data)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)']},
 'date_detected': '2025-09-19',
 'description': 'Dermatology Associates of Concord, a medical practice serving '
                'the greater Boston area since 1972, discovered suspicious '
                'activity on its computer systems on September 19, 2025. An '
                'investigation revealed that an unauthorized actor accessed '
                'and copied files from the network between September 18 and '
                '19, 2025. The breach exposed sensitive personally '
                'identifiable information (PII) and medical data of at least '
                '15 individuals in Massachusetts, with the potential for more '
                'victims as the investigation continues. The incident was '
                'reported to the Massachusetts Attorney General’s Office on '
                'November 18, 2025.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'exposure of sensitive patient data',
            'data_compromised': ['Name',
                                 'Address',
                                 'Phone number',
                                 'Date of birth',
                                 'Social Security number',
                                 'Medical information',
                                 'Health insurance information'],
            'identity_theft_risk': 'High (PII and medical data exposed)',
            'legal_liabilities': 'Ongoing investigation; potential lawsuits '
                                 'for compensation (e.g., reimbursement for '
                                 'out-of-pocket expenses, emotional distress)',
            'systems_affected': 'Specific computer systems (details '
                                'undisclosed)'},
 'investigation_status': 'Ongoing (potential for additional victims)',
 'ransomware': {'data_exfiltration': 'Yes (files copied)'},
 'recommendations': ['Sign up for free IDX identity theft protection services '
                     'offered by Dermatology Associates of Concord.',
                     'Monitor financial accounts for suspicious activity.',
                     'Place a fraud alert with credit bureaus.',
                     'Request free annual credit reports.',
                     'Seek legal counsel for potential compensation.'],
 'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'}],
 'regulatory_compliance': {'legal_actions': 'Potential class action lawsuits '
                                            '(investigation by Shamis & '
                                            'Gentile P.A.)',
                           'regulatory_notifications': 'Reported to the '
                                                       'Massachusetts Attorney '
                                                       'General’s Office '
                                                       '(2025-11-18)'},
 'response': {'communication_strategy': 'Notices sent to affected individuals; '
                                        'public advisory via Shamis & Gentile '
                                        'P.A.',
              'incident_response_plan_activated': 'Yes (investigation '
                                                  'conducted with third-party '
                                                  'cybersecurity experts)',
              'recovery_measures': 'Offered free IDX identity theft protection '
                                   'services to affected individuals',
              'third_party_assistance': 'Yes (cybersecurity experts involved)'},
 'stakeholder_advisories': 'Notices sent to affected individuals; public '
                           'advisory via Shamis & Gentile P.A.',
 'threat_actor': 'Unauthorized actor',
 'title': 'Dermatology Associates of Concord Data Breach',
 'type': 'Data Breach'}