Maryland-based dermatology services provider Anne Arundel Dermatology has disclosed a data breach impacting roughly 1.9 million individuals.
Data breach notifications sent out to affected people reveal that hackers had access to its systems for roughly three months, between February 14 and May 13.
An investigation launched after the intrusion was detected showed that the attacker could have stolen files containing patients’ personal and health information.
Anne Arundel Dermatology provides general, surgical, and cosmetic dermatology services at over 60 locations in the Mid-Atlantic and Southeastern regions.
The healthcare firm was unable to determine whether the hackers actually viewed or exfiltrated personal and health information, and says it’s not aware of any misuse or fraudulent activity stemming from the incident, but impacted individuals are being offered 24 months of identity protection services.
The healthcare data breach tracker maintained by the US Department of Health and Human Services revealed on Thursday that the Anne Arundel Dermatology incident has impacted more than 1.9 million people.
No known ransomware group appears to have taken credit for the attack on Anne Arundel Dermatology.
Many of the healthcare data breaches that came to light in recent months impacted hundreds of thousands and even millions of individuals.
Related: Compumedics Ransomware Attack Led to Data Breach Impacting 318,000
Related: Central Kentucky Radiology Data Breach Impacts 167,000
