Critical Severity (Score: 9/10)

Shelby Dermatology Breach Exposes 86,414 Patients' Health Records


Breach Details

Entity: Shelby Dermatology d.b.a Dermatologists of Birmingham
Individuals Affected: 86,414
State: AL
Breach Type: Hacking/IT Incident
Location: Network Server
Date Reported: May 2, 2025
Entity Type: Healthcare Provider
Business Associate: No

A major cybersecurity incident at Shelby Dermatology, operating as Dermatologists of Birmingham, has compromised the protected health information (PHI) of 86,414 patients. The Alabama-based dermatology practice reported this significant data breach to the Department of Health and Human Services on May 2, 2025, marking it as one of the larger healthcare data breaches reported this year.

What Happened

Shelby Dermatology d.b.a Dermatologists of Birmingham fell victim to a hacking incident that targeted their network server infrastructure. The breach was classified as a "Hacking/IT Incident" by the HHS Office for Civil Rights, indicating that unauthorized individuals gained access to the practice's digital systems containing sensitive patient information.

While the healthcare provider has not released additional details about the specific nature of the attack, the breach's classification indicates that unauthorized actors gained access to the practice's network. Incidents in this category commonly involve ransomware, other malware deployment, or exploitation of vulnerabilities in exposed systems.

The breach was formally reported to federal authorities on May 2, 2025, and subsequently appeared on the HHS Wall of Shame, the official database tracking healthcare data breaches affecting 500 or more individuals.

Who Is Affected

The cyberattack impacted 86,414 individuals who received care at Shelby Dermatology. This substantial number places the incident among the more significant healthcare data breaches, affecting patients across Alabama and potentially in neighboring states from which the practice draws patients.

Patients affected by this breach likely include individuals who:

  • Received dermatological treatments or consultations at the practice
  • Had their personal and medical information stored in the practice's electronic health record systems
  • May have visited the practice over several years, as healthcare providers typically maintain patient records for extended periods

The large number of affected individuals suggests this was a well-established practice with extensive patient records dating back multiple years.

Breach Details

The breach originated from the practice's network server, which typically serves as the central repository for electronic health records, patient scheduling systems, billing information, and other critical healthcare data. Network servers in medical practices commonly store:

  • Patient Demographics: Names, addresses, phone numbers, and dates of birth
  • Medical Records: Diagnosis codes, treatment histories, and clinical notes
  • Insurance Information: Policy numbers, coverage details, and claims data
  • Financial Data: Payment methods, billing addresses, and account information
  • Appointment Records: Visit histories and scheduling information

The classification as a "Hacking/IT Incident" indicates this was not an accidental disclosure or theft of physical records, but rather a deliberate cyberattack targeting the practice's digital infrastructure. Such incidents often involve:

  • Ransomware attacks that encrypt patient data
  • Data exfiltration attempts to steal information for sale on dark web markets
  • Business email compromise schemes
  • Exploitation of unpatched software vulnerabilities
  • Social engineering attacks targeting staff credentials

What This Means for Patients

Patients affected by this breach face several potential risks and concerns:

Identity Theft Risk: With access to personal information like names, addresses, dates of birth, and Social Security numbers, cybercriminals can attempt to open fraudulent accounts or file false tax returns.

Medical Identity Theft: Stolen health information can be used to obtain medical services, prescription drugs, or file fraudulent insurance claims under patients' identities.

Financial Fraud: If payment information was compromised, patients may experience unauthorized charges or account access attempts.

Privacy Violations: Sensitive medical information about dermatological conditions could potentially be exposed or misused.

Insurance Complications: Fraudulent use of insurance information could lead to coverage issues or claim disputes.

How to Protect Yourself

If you are a patient of Shelby Dermatology or Dermatologists of Birmingham, take these immediate protective steps:

Monitor Financial Accounts: Review bank statements, credit card bills, and insurance statements for unauthorized activity. Set up account alerts for unusual transactions.

Check Credit Reports: Obtain free credit reports from all three major bureaus (Equifax, Experian, TransUnion) and look for suspicious new accounts or inquiries.

Consider Credit Freezes: Place security freezes on your credit files to prevent new accounts from being opened without your permission.

Watch for Phishing: Be cautious of emails, calls, or texts claiming to be related to the breach; scammers often exploit these situations.

Monitor Medical Records: Review explanation of benefits statements from insurance providers for services you didn't receive.

Contact the Practice: Reach out to Shelby Dermatology for specific information about what data was compromised and what protective services they're offering.

Document Everything: Keep records of any suspicious activity or communications related to the breach.

Prevention Lessons for Healthcare Providers

This breach highlights critical cybersecurity challenges facing healthcare practices of all sizes. Healthcare providers can learn from this incident by implementing:

Comprehensive Security Assessments: Regular vulnerability scans and penetration testing can identify weaknesses before attackers exploit them.

Employee Training Programs: Staff education about phishing, social engineering, and safe computing practices is essential for preventing breaches.

Network Segmentation: Isolating critical systems can limit the scope of potential breaches and contain damage.

Regular Software Updates: Maintaining current patches and security updates closes known vulnerability gaps.

Incident Response Planning: Having detailed response procedures enables faster containment and recovery.

Data Encryption: Encrypting sensitive data both in transit and at rest provides additional protection layers.

Access Controls: Implementing role-based access and multi-factor authentication reduces unauthorized system access.

Regular Backups: Secure, tested backup systems ensure data recovery capabilities following incidents.

The healthcare sector continues to face increasing cyber threats, with attacks becoming more sophisticated and frequent. This incident serves as a reminder that even specialized practices like dermatology clinics are valuable targets for cybercriminals seeking healthcare data.

As investigations continue and more details emerge about this breach, affected patients should remain vigilant about protecting their personal information and monitoring for signs of fraudulent activity.

Source: This breach was reported to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Breach Portal. Data sourced from ocrportal.hhs.gov. Analysis and article generated by HIPAA Agent.