On June 24, 2021, Forefront Dermatology, S.C. and its affiliated practices concluded its investigation of an intrusion into its IT network by unauthorized parties and determined that the incident resulted in unauthorized access to certain files on its IT systems that contain patient information. The company first identified the intrusion on June 4, 2021, and immediately took its network offline to protect the information it maintains and secure its systems. In addition it promptly launched an investigation and notified law enforcement.

The investigation determined that unauthorized parties gained access to Forefront Dermatology’s IT network between the dates of May 28, 2021 and June 4, 2021 and accessed certain files that contain information pertaining to some patients. This information may have included patient names, addresses, dates of birth, patient account numbers, health insurance plan member ID numbers, medical record numbers, dates of service, accession numbers, provider names, and/or medical and clinical treatment information.

There is no evidence that patient Social Security numbers, driver’s license numbers, or financial account / payment card information were involved in this incident.

While the investigation found evidence that only a small number of patients’ information was specifically involved, Forefront Dermatology could not rule out the possibility that files containing other patients’ information may have been subject to unauthorized access. Patients whose information may have been involved in this incident are being notified by Forefront Dermatology and are advised to review the statements they receive from their health care providers and health insurance plan. If individuals see services they did not receive, they should contact the provider or health plan immediately. To help prevent something like this from happening again, Forefront Dermatology is enhancing its security protocols.

We deeply regret any inconvenience or concern this incident may cause. We take this matter very seriously and are continuing to enhance our security protocols to help prevent a similar incident from occurring in the future. If you have any questions about this incident, please call Forefront Dermatology’s dedicated, toll-free incident response line at 855-899-4166, Monday through Friday, between 8:00am to 8:00pm, Central Time.

Frequently Asked Questions (FAQs)

What happened?

On June 24, 2021, Forefront concluded its investigation of an intrusion into its IT network by unauthorized parties and determined that the incident resulted in unauthorized access to certain files on its IT systems that contain Forefront patient information. Forefront first identified the intrusion on June 4, 2021 and immediately took its entire network offline to protect the information it maintains and to secure its systems. Forefront then launched an investigation and notified law enforcement.

When did the incident occur?

This incident occurred on June 4, 2021. Immediately upon learning of the incident, Forefront took its entire network offline, out of an abundance of caution to protect its patients and to secure its systems, launched an investigation and notified law enforcement. As part of the investigation, Forefront worked diligently to identify what information may have been involved. Once Forefront determined what information may have been involved, it moved quickly to notify potentially affected individuals.

How do you know the systems are safe now?

Forefront took its systems offline and fortified its network before bringing them back online. Forefront believes its systems are now both safe and operational and should not create any further delays in patient care or service.

What patient data was involved?

Forefront’s investigation could not rule out the possibility that files containing information pertaining to patients may have been subject to unauthorized access, including their  names, addresses, dates of birth, patient account numbers, health insurance plan member ID numbers, medical record numbers, dates of service, provider names, and/or medical and clinical treatment information.

Forefront has begun mailing and emailing notices  to  individuals whose information was or may have been involved in the incident. The letters describe the specific information potentially involved for the letter recipient. Forefront is also notifying government regulators, in accordance with applicable law.

How is Forefront responding?

Forefront immediately took its entire network offline out of an abundance of caution to protect its patients and to secure its systems. Forefront also launched an investigation and notified law enforcement. Once Forefront determined that personal information was potentially involved in this incident, it moved quickly to notify those individuals and government regulators, in accordance with applicable law. To help prevent something like this from happening again, Forefront Dermatology is enhancing its security protocols.