Affiliated Dermatologists (AD) has notified the public of a data security incident involving unauthorized access to their network. The breach was discovered on March 5, 2024, when a ransom note was found, prompting immediate disconnection of the network and involvement of cybersecurity professionals. A forensic investigation revealed that between March 2 and March 5, 2024, the unauthorized actor accessed and copied data, impacting both patient and employee information.
The compromised data includes a range of personal information. For patients, this may involve names, dates of birth, mailing addresses, social security numbers, medical treatment details, and health insurance claims information. For employees, it could include names, dates of birth, mailing addresses, social security numbers, driver’s license numbers, and passport numbers. AD has committed to notifying each affected individual through personalized letters that specify which categories of information were involved.
In response to the incident, AD has implemented several remediation measures to strengthen their network security. These measures include round-the-clock network monitoring, multi-factor authentication for remote access, and mandatory password resets for all network accounts. Additionally, AD is offering free credit monitoring and identity theft protection services to all potentially affected individuals, with instructions on how to enroll provided in the notification letters.
AD advises everyone to stay vigilant against identity theft by regularly reviewing account statements and monitoring credit reports for suspicious activity. Free credit reports are available from the major credit bureaus to help individuals keep track of any unusual activity. AD remains committed to the security and privacy of personal information and is taking all necessary steps to prevent future incidents.
