Dermatology practice Brevard Skin and Cancer Center in Brevard, Florida, suffered a cyberattack that was first discovered on October 14, 2025. It took quick action to keep its systems secure. Third-party cybersecurity experts investigated the nature and magnitude of the unauthorized activity. Based on the forensic investigation, an unauthorized third party first accessed its system on September 28, 2025, and extracted some files from its system. Brevard Skin and Cancer Center is reviewing the impacted files to determine the types of data compromised and the individuals affected. It is now confirmed that the personal data and protected health information (PHI) of present and past patients were compromised.
The breached data differs from one person to another and might include names along with at least one of these data: birth date, home address, contact number, diagnosis and clinical data, e-mail address, Social Security number, and billing and claims data. Employee information was likewise affected in the cyberattack, which includes complete names, phone numbers, birth dates, home addresses, e-mail addresses, Social Security numbers, and medical conditions reported in FMLA forms.
Brevard Skin and Cancer Center is analyzing its cybersecurity procedures and reviewing its security guidelines. It is taking steps to improve security to avoid the same data breaches later. It mailed notification letters to the impacted persons and offered free credit monitoring and identity theft protection services for two years.
There was no mention in the breach notifications concerning the hacking group involved. Nevertheless, the Pear threat group announced that it is behind the attack and claimed the theft of 1.8 terabytes of data. This new hacking group appeared in August 2025. Pear group specializes in data exfiltration and demanding ransom only. It does not encrypt data. The group is very active and has done 49 attacks in the past three months on the healthcare industry, including HIPAA-certified entities.
