Dermatology Associates KY Data Incident Investigation

According to an October 3, 2025 notice, Dermatology Associates, a dermatology practice in Louisville, Kentucky, reported a data security incident involving unauthorized access to parts of its computer network. The practice stated that an outside party may have accessed or obtained patient and insurance information between June 4, 2025, and August 5, 2025 and that a detailed review of the affected data is still underway. If you are a current or former patient, you may understandably be worried about how this event could affect your privacy, finances, and medical information. This page explains what is known so far, practical steps you can take right away, and how Strauss Borrelli PLLC can help you understand your legal options; you can also fill out the form on this page to see whether you may qualify for a potential claim.

Dermatology Associates is a healthcare provider in Louisville, Kentucky that offers medical, surgical, and cosmetic dermatology services to patients in the region.

Key Facts at a Glance

• Organization: Dermatology Associates (dermatology provider)
• Industry: Healthcare
• Location: Louisville, Kentucky
• Type of event: Reported hacking / IT security incident affecting the network
• Timeframe of unauthorized access: June 4 – August 5, 2025 (per company notice)
• Public notice date: October 3, 2025
• Potentially involved data: Personal details, identification numbers, and certain health and insurance information (varies by individual)
• Who may be impacted: Patients and others whose information was stored in the practice’s systems during the incident period
• Company contact: Toll-free assistance line at 1-833-519-0382
• Regulatory notifications: Company reports it is notifying relevant government regulators

What Happened?

According to the company’s October 3, 2025 notice, staff detected suspicious activity in its computer environment around August 4, 2025. The practice engaged third-party cybersecurity specialists to investigate and determine the nature and scope of the event, and that investigation reportedly remains ongoing.

Preliminary findings indicate that an unauthorized actor accessed certain systems between June 4, 2025, and August 5, 2025, and may have viewed or taken data stored there. Because those systems contained patient and billing information, the provider is reviewing what files were affected and which individuals’ information may have been involved. Once that review is finished, it states it will send written letters with more specific details to people identified as potentially impacted. In the meantime, a website notice and media announcement have been issued, and regulators are being notified while individuals are encouraged to watch for unusual account activity.

What Information Was Exposed?

The practice reports that its review of affected files is still in progress, and that the types of data involved can differ from person to person. Based on the current notice, the incident may have included some combination of:

• Names, addresses, telephone numbers, and dates of birth
• Driver’s license numbers or other identification numbers
• Physician name, patient ID or account numbers, and billing or claims information
• Health insurance information and certain related health records

Not everyone whose data was in the systems will necessarily have had all of these details involved. Until you receive a direct letter, it may not be clear exactly what, if any, information specific to you was affected.

What Should You Do Next?

1. Monitor financial and medical accounts. Carefully review bank and credit card statements, as well as health insurance explanations of benefits, for charges or services you do not recognize, and report anything suspicious immediately.
2. Check your credit reports. Visit AnnualCreditReport.com or contact Equifax, Experian, and TransUnion to obtain your free credit reports and look for new accounts, inquiries, or address changes you did not authorize.
3. Consider a fraud alert or credit freeze. Depending on your risk tolerance, you may wish to place a fraud alert or security freeze with the credit bureaus to make it harder for someone to open new credit in your name.
4. Contact the provider’s assistance line. Call 1-833-519-0382 with questions and to ask whether your information appears in the review, and keep copies of any letters or emails you receive about this event.
5. Document and report identity theft. If you notice misuse of your information, file reports with IdentityTheft.gov and local law enforcement, and keep records of all fraudulent activity and remediation efforts.
6. Speak with a data privacy attorney. If you received or expect to receive a notice, contact Strauss Borrelli PLLC using the form on this page to request a free, confidential case evaluation and learn about your potential legal options.

Your Legal Rights

Healthcare providers are required under federal and state law to safeguard sensitive medical and personal information and to provide notice when certain security incidents occur. If your information was involved in this incident, you may have rights under privacy, consumer protection, and data security laws, depending on your state and circumstances.

Potential legal claims in data security matters can include compensation for documented out-of-pocket losses, time spent responding to the incident, and, in some situations, the increased risk of identity theft or loss of privacy. You also generally have the right to receive adequate notice and to request information about what happened to your data. Deadlines for bringing claims are strict and vary by jurisdiction. An attorney at Strauss Borrelli PLLC can review your documentation, explain how the law may apply, and discuss possible individual or class action options.

Why Hire Strauss Borrelli PLLC?

Strauss Borrelli PLLC focuses on representing consumers whose personal information has been compromised in reported data security incidents. Our attorneys have represented thousands of data breach victims in cases involving healthcare, retail, and financial services companies. We understand how disruptive these events can be and how to investigate what occurred, assess potential harm, and pursue compensation where the law allows.

Our team reviews forensic findings, notification letters, and regulatory filings to look for potential violations of federal and state privacy requirements. When you contact us about the Dermatology Associates incident, we will walk you through your options, including any future class action or individual claim that may be available. There is no obligation to move forward after speaking with us, and you will receive clear, practical guidance about next steps.

Frequently Asked Questions

How do I know if my information was involved in the Dermatology Associates data incident?

According to the company’s notice, it is still reviewing the affected data to determine which individuals were impacted. Once that process is complete, it plans to mail written letters with more specific details. Until then, you can call the toll-free assistance line at 1-833-519-0382 to ask general questions. Strauss Borrelli PLLC cannot confirm whether your information was involved, but we can review any notice you receive and help you understand what it means.

What types of information may have been affected in this incident?

The public notice indicates that the incident may have involved some combination of names, addresses, telephone numbers, dates of birth, driver’s license numbers, physician name, patient IDs or account numbers, billing and claims information, health insurance information, and certain related health records. The exact data elements reportedly vary by person. Your individual notification letter, if you receive one, should specify which categories of information the company believes were involved in your case.

Has Dermatology Associates offered free credit monitoring or identity protection?

The website notice summarized to date does not clearly state whether complimentary credit monitoring or identity protection services are being offered. That information, if provided, is often included in individualized notification letters rather than the general public notice. When you receive a letter, read it carefully to see what services are available, or call the assistance line at 1-833-519-0382 to ask. An attorney can also help you evaluate whether the protections offered are appropriate in light of the data involved.

Can I join a lawsuit or class action related to the Dermatology Associates incident?

Whether you can bring an individual case or participate in a class action depends on several factors, including what information of yours was involved, what harm you have experienced so far, and the laws of your state. Data incident and privacy cases are complex and often handled as class actions when many people are affected in similar ways. Strauss Borrelli PLLC is investigating this matter and can discuss potential legal avenues with you. Speaking with a lawyer does not obligate you to file a case, and no outcome is guaranteed.