Nearly two million Americans are at risk of identity theft following a data breach in which a hacker stole sensitive personal and health information from a healthcare provider.
The latest data from the U.S. Department of Health and Human Services Office for Civil Rights shows that Anne Arundel Dermatology (AAD) was hit by a hacking/IT incident, impacting 1,905,000 individuals.
-->In a data breach notice to consumers, AAD says that an unknown entity gained unauthorized access to its systems and siphoned files containing customers’ personal or health information. The HIPAA Journal reports that the hacker may have stolen names, addresses, dates of birth, medical histories, health insurance records and other personal datasets.
“Anne Arundel Dermatology recently identified an intrusion on certain of its systems by an unauthorized third party. We took immediate action to review this incident and secure our systems. Our review determined that certain data files were accessible to the unauthorized third party for a period of time. We subsequently performed an assessment of these data files and determined, on May 20th, 2025, that some of the files contained certain personal or health information when the unauthorized third party had access to them.
Our review indicates that the unauthorized access may have begun on February 14th, 2025, and ended on May 13th, 2025.”
AAD is a Maryland-based practice offering a comprehensive range of skincare solutions, including medical, surgical, cosmetic, pediatric and dermatopathology services.
The firm says it is offering impacted Americans free identity protection services that come with 24 months of credit and CyberScan monitoring and a $1 million insurance reimbursement policy.
For now, AAD says it has not yet received reports of any instance of fraudulent activity arising from the cybersecurity incident.
