Anne Arundel Dermatology reports cyberattack, data breach affecting almost 2 M patients

Anne Arundel Dermatology (AAD), a dermatology provider in the Mid-Atlantic and Southeastern United States, is reporting a cyberattack and a breach that compromised the personal and health information of more than 1.9 million patients. 

The Maryland-based dermatology group, serves patients across seven states through its network of more than 275 clinicians providing medical, surgical, pediatric, cosmetic, and dermatopathology services. 

Anne Arundel detected a security incident on May 13, 2025. The organization launched an investigation with third-party cybersecurity experts. The investigation concluded that unauthorized actors maintained access to AAD's systems for nearly three months, from February 14, 2025, through May 13, 2025. A file review concluded on June 27, 2025, confirmed that personal information had been exposed. Compromised data includes:

• Names
• Addresses
• Dates of birth
• Medical information and health records
• Health insurance information
• Social Security numbers (in some instances)

The incident affected 1,905,000 individuals. The nature of the attack is not disclosed. 

Anne Arundel Dermatology is offering 24 months of free identity protection services to impacted individuals.