Nearly 2 million patients affected in healthcare cyberattack

Patients are urged to review account statements, monitor credit, and remain alert for signs of identity theft.
Anne Arundel Dermatology, data breach, patient records, healthcare cyberattack, identity protection, forensic review, HIPAA notification, PHI exposure, multi-state clinics, security incident

Anne Arundel Dermatology, a network of over 100 clinics across seven states, has confirmed a cyberattack that compromised patient data for nearly 1.9 million individuals.

The breach between 14 February and 13 May 2025 may have exposed sensitive personal and medical records.

The company responded swiftly by isolating affected systems, working with forensic experts and completing a full file review by 27 June.

While there is no evidence that the data was accessed or misused, patients were notified and offered 24 months of identity-theft protection.

The incident ranks among the largest reported healthcare data breaches this year, prompting mandatory notifications to state attorneys general and the HHS Office for Civil Rights.

Affected individuals are advised to monitor statements and credit reports carefully.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!