Investigation Launched Against DermCare Management for Major Data Breach Affecting Patient Privacy

Investigation of DermCare Management, Inc.

On May 4, 2026, Schubert Jonckheer & Kolbe LLP announced its investigation into a troubling data breach affecting DermCare Management, a practice management company based in Florida. The breach has raised serious concerns about patient privacy as sensitive patient information was reportedly accessed without authorization.

Background of the Incident

The breach occurred between February 14 and February 26, 2025, when an unauthorized actor accessed DermCare's network, resulting in the exfiltration of confidential patient files. This incident has affected over 9,724 individuals in Texas alone, as revealed by a notification sent to the Texas Office of the Attorney General on April 10, 2026.

DermCare Management oversees a network of skincare and dermatology clinics spanning across several states, including California, Florida, Texas, and Virginia. A number of these clinics, such as Berman Skin Institute and Dania Dermatology, are part of the affected group, potentially exposing their patients to various risks associated with the breach.

Compromised Information

The breach has reportedly exposed a vast array of personal data. Affected individuals may have had their names, Social Security numbers, driver's license numbers, financial account information, medical records, and health insurance information accessed. Such breaches not only compromise an individual's privacy but also significantly elevate the risk of identity theft and fraud.

Delayed Notification

Despite the breach occurring in 2025, DermCare did not notify the impacted patients until around April 8, 2026, which raises potential violations of both state and federal laws regarding timely disclosure of data breaches. This delay has led to heightened scrutiny over the company's cybersecurity practices and overall responsibility in safeguarding patient data.

Legal Implications and Rights

For individuals whose information has been exposed, there lies a potential pathway for legal recourse. Victims may pursue compensation for damages suffered due to the breach, and they might also seek an injunction aimed at instigating significant changes within DermCare's cybersecurity methods. Patients affected by this breach are advised to be vigilant about monitoring their personal information and to take necessary steps to protect themselves against identity theft.

If you believe your information was compromised, you are encouraged to seek further information regarding your legal rights. Schubert Jonckheer & Kolbe LLP is collecting cases related to this incident and can provide guidance on the next steps.

Conclusion

As the investigation proceeds, the situation reflects a growing concern around data privacy within the healthcare sector and highlights the critical need for firms like DermCare Management to enhance their cybersecurity measures. The exposure of sensitive patient data calls into question the effectiveness of existing protocols and mandates a reassessment of practices to protect against such incidents in the future.