Active breach tracker Blue Ash, OH HQ Disclosed January 26, 2026

DOCS Dermatology Group Data Breach 2026: 4,626 Illinois Dermatology Patients Exposed. 85+ Multi-State Locations. What To Do

Central States Dermatology Services, LLC (d/b/a DOCS Dermatology Group), an Ohio-based dermatology platform with 85+ locations and 190+ providers across 10 states, disclosed a November 2025 network intrusion. The Illinois HHS OCR filing covers 4,626 patients. Names, Social Security numbers, dates of birth, treatment, prescriptions, Medicare/Medicaid IDs, and billing data exposed. No credit monitoring vendor named in public notice. Here is what to do.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Nov 19, 2025

Unauthorized third-party network access begins

Nov 27, 2025

Discovery / suspicious activity flagged

Jan 26, 2026

HHS OCR filing and public disclosure (Illinois cohort: 4,626)

Data exposed

01

High-risk identity

Enables financial + identity theft

Date of birth Social Security number

02

Health records

Don't expire and can't be reissued

Treatment / diagnosis information Prescription / medication information Medical record number

03

Contact & insurance

Phishing + targeted scams

Full name Home address Email address, phone number Dates of service Provider name Patient account number Medicare / Medicaid ID Health insurance information Medical billing / claims data

Class actions filed by

These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.

Schubert Jonckheer & Kolbe LLP (publicly investigating) Strauss Borrelli PLLC (publicly investigating) The Lyon Firm (publicly investigating)
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

What happened

Central States Dermatology Services, LLC is the legal entity for DOCS Dermatology Group, an Ohio-based dermatology practice management platform headquartered at 9987 Carver Road, Suite 250, Blue Ash, OH. The network operates 85+ locations and 190+ providers across Illinois, Indiana, Louisiana, Michigan, North Carolina, Ohio, Pennsylvania, South Carolina, Texas, and West Virginia. Services span medical, surgical, and cosmetic dermatology, including Mohs micrographic surgery, BOTOX, fillers, microneedling, and laser resurfacing.

Between November 19 and November 27, 2025, an unauthorized third party accessed DOCS Dermatology’s network. The intrusion was discovered on November 27, 2025. DOCS Dermatology filed with HHS OCR and publicly disclosed on January 26, 2026 — the Illinois cohort filing covers 4,626 affected individuals. The broader breach extends across the 10-state network (state-level counts vary per AG filings).

No ransomware group has publicly claimed responsibility. No leak-site listing has been observed. The ~60-day gap between discovery and notice has been flagged by plaintiff firms as potentially violating state notification statutes.

What was stolen

Per the entity’s notice:

  • Full name, home address, email, phone number
  • Date of birth
  • Social Security number
  • Treatment and diagnosis information
  • Prescription / medication information
  • Dates of service, provider name
  • Medical record number, patient account number
  • Medicare / Medicaid ID
  • Health insurance information
  • Medical billing / claims data

No public confirmation of dermatology images or biopsy photos being exfiltrated.

What DOCS Dermatology is offering

  • Dedicated call center: 513-813-1488 (Blue Ash HQ)
  • Mailing address for inquiries: 9987 Carver Road, Suite 250, Blue Ash, OH 45242

No specific credit-monitoring vendor named in DOCS Dermatology’s public notice — patients are directed to self-monitor and place fraud alerts or freezes with TransUnion, Experian, Equifax on their own. The absence of a named monitoring program is unusual for a breach of this size with full SSN exposure, and is likely a focal point of any class action.

State AG filings

Per ClaimDepot aggregation, DOCS Dermatology filed AG notices in: California, Iowa, Maine, Massachusetts, Montana, Nebraska, New Hampshire, Oregon, Rhode Island, South Carolina, Texas, and Vermont. Illinois AG filing is presumed given the 4,626 IL count on OCR.

What to do

  1. Place free credit freezes at Equifax, Experian, TransUnion. Full SSN is in scope and no monitoring is being provided.
  2. File IRS Form 14039.
  3. Consider purchasing your own credit monitoring given the SSN + DOB + medical + billing exposure profile.
  4. Watch your Medicare Summary Notice for unfamiliar dermatology or specialty claims.
  5. Stop the ongoing flow of your dermatology records. HealthConsent files HIPAA restriction requests so the biopsy, prescription, and treatment data exposed in this breach is not continuously re-shared.

Continue reading

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.