Birmingham, AL dermatologist notifies 86K people of data breach

Dermatologists of Birmingham this week confirmed it notified 86,414 people of a March 2025 data breach that compromised the following personal info:
- Names
- Social Security numbers
- Addresses
- Email addresses
- Phone numbers
- Dates of birth
- Medical diagnoses and treatments
- Health insurance info
“On or around March 7, 2025, Dermatologists of Birmingham became aware of suspicious activity within its network environment,” says the notice sent to victims. “Dermatologists of Birmingham then began a comprehensive review of the data set to determine what sensitive and/or personal information was impacted and to whom it related. On May 15, 2025, Dermatologists of Birmingham finished its review of the impacted information.”
Ransomware gang Qilin claimed responsibility for the attack, saying it stole 141 GB of data from the Alabama skin care practice.
Dermatologists of Birmingham has not verified Qilin’s claim. We do not know if the company paid a ransom, how much Qilin demanded, or how attackers breached the company’s network. Comparitech contacted Dermatologists of Birmingham for comment and will update this article if it replies.
Dermatologists of Birmingham is offering 12 months of free credit monitoring and identity theft restoration through TransUnion.
Who is Qilin?
Qilin is a ransomware gang that began claiming responsibility for attacks on its data leak site in late 2022. Based in Russia, Qilin mainly targets victims through phishing emails to spread its ransomware. It launched in August 2022 and runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.
Qilin took credit for 31 confirmed ransomware attacks in 2025 to date, plus 221 unconfirmed attack claims that haven’t been acknowledged by the targeted organizations.
Hospitals and clinics are frequent targets for Qilin and other ransomware gangs. Last week, Next Step Healthcare confirmed it notified more than 12,000 people of a June 2024 data breach claimed by Qilin. The group also recently took credit for confirmed attacks on a hospital in Spain and an eye surgeon in Hungary.
Ransomware attacks on US healthcare
Comparitech researchers have logged 27 confirmed ransomware attacks on US healthcare companies in 2025 so far, compromising more than 1.9 million records.
In another recent case, ransomware gang Interlock took credit for an attack on Kettering Health, an Ohio chain of clinics.
Ransomware attacks on US hospitals, clinics, and other care providers can cripple critical systems and endanger the health, privacy, and security of patients. Hospitals must pay a ransom or face extended downtime, data loss, and an increased risk of fraud for patients and staff. Hospitals and clinics might have to resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.
About Dermatologists of Birmingham
Shelby Dermatology, which does business as Dermatologists of Birmingham, operates two skin care clinics in Birmingham and Alabaster, Alabama.