Multiple class action lawsuits have been filed against QualDerm Partners after a December 2025 cyberattack exposed the medical records and personal information of nearly 175,000 patients in Texas alone. The healthcare services company faces allegations of delayed notification and inadequate data security practices. Track this case and others at OpenClassActions.com.
What Happened?
QualDerm Partners, a network of dermatology practices, detected unauthorized activity on its computer systems on December 24, 2025. An internal investigation determined that an unauthorized actor accessed and removed data from QualDerm’s systems between December 23 and December 24, 2025. The company did not begin notifying affected patients until February 2026 — approximately two months after the breach occurred.
At least four separate federal class action lawsuits were filed in the U.S. District Court for the Middle District of Tennessee between February 24 and February 26, 2026, making this one of the fastest incident-to-litigation conversions in recent healthcare breach history.
What Information Was Compromised?
- Patient names, dates of birth, and Social Security numbers
- Medical record numbers and treatment information
- Health insurance policy details and claims data
- Financial account numbers
- Driver’s license numbers
How Many People Are Affected?
According to reports filed with the Texas Attorney General, at least 174,837 Texas residents were impacted. QualDerm operates practices in multiple states, so the total number of affected patients nationwide is likely significantly higher. The full scope of the breach is still being determined as QualDerm continues its investigation.
What Are the Legal Claims?
Plaintiffs allege that QualDerm failed to implement reasonable security measures to protect highly sensitive medical and personal data, failed to timely detect the intrusion, and unreasonably delayed notifying patients. The lawsuits also assert that QualDerm’s notification letters were vague and did not provide adequate information about the type and extent of data stolen. The complaints include claims for negligence, breach of fiduciary duty, and violations of HIPAA-related obligations.
| Detail | Information |
| Defendant | QualDerm Partners, LLC |
| Court | U.S. District Court, Middle District of Tennessee |
| Breach Window | December 23–24, 2025 |
| TX Residents Affected | 174,837 |
| Federal Lawsuits Filed | At least 4 |
| Status | Active — multiple complaints, investigations ongoing |
What Should Patients Do?
If you received dermatology care from a QualDerm-affiliated practice, watch for a breach notification letter. Regardless of whether you receive one, consider placing a fraud alert on your credit files, monitoring your health insurance statements for unfamiliar claims (a sign of medical identity theft), and reviewing your Explanation of Benefits statements carefully.
This page is for informational purposes and does not constitute legal advice. Visit OpenClassActions.com for more class action news and open settlements.
Related Data Breach Cases on OpenClassActions
- Precipio Healthcare Data Breach Class Action Settlement
- Kerber Eck and Braeckel Reaches $1.4 Million Settlement Over Healthcare Data Breach
- Norton Healthcare Data Breach Class Action Settlement
- Norton Healthcare Data Breach Class Action Settlement — Claim Deadline May 18, 2026
- Gryphon Healthcare Data Breach Class Action Settlement — Claim Deadline April 16, 2026