Cyber Incident Victim: Aesthetic Dermatology Associates
Date: Aug 2022
Location: United States of America
Summary
Aesthetic Dermatology Associates experienced a cybersecurity breach involving unauthorized access to its network systems, compromising sensitive patient data including names, addresses, dates of birth, diagnosis codes, and health insurance details. The BianLian ransomware group claimed responsibility for the attack and subsequently leaked stolen patient records on the dark web. The organization confirmed the exposure impacted over 33,000 individuals but did not disclose the leak in its public notifications, despite regulatory reporting to HHS. No evidence of data misuse was acknowledged, and complimentary mitigation services were not offered to affected patients.
Description
Aesthetic Dermatology Associates detected suspicious activity on its systems on August 15, 2022, prompting an immediate internal investigation. The organization engaged a computer forensics specialist to determine the nature and scope of the incident, which revealed unauthorized access to network systems containing files with personal information. By September 3, 2022, the forensic review confirmed that sensitive patient data may have been compromised, including names, addresses, dates of birth, diagnosis codes, and health insurance details. The practice issued a public press release acknowledging the breach but asserted there was no evidence of actual or attempted misuse of the exposed information. Notification letters were distributed to affected individuals, though the entity did not reference any complimentary credit monitoring or identity theft protection services in its communications.

The ransomware group BianLian claimed responsibility for the attack and began leaking stolen patient records on the dark web by October 1, 2022, prior to the practice’s public disclosure of the breach’s full implications. Leaked data included patient files and a directory tree suggesting broader exposure of network contents than initially disclosed. Despite BianLian’s public release of records, Aesthetic Dermatology Associates maintained its original position regarding lack of evidence of data misuse in subsequent statements. The incident impacted 33,793 individuals according to a report submitted to the U.S. Department of Health and Human Services. No reference to the dark web leaks appeared in the practice’s official press release or website at the time of external reporting.
