On December 6, 2022, Suncoast Skin Solutions reported a data breach with the Maine Attorney General after the company experienced what appears to have been a ransomware attack that exposed sensitive patient information to an unauthorized party. According to Suncoast, the breach resulted in the following patient information being compromised: names, dates of birth, Social Security numbers, clinical information, doctor’s notes, and other treatment information. Recently, Suncoast sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.
If you received a data breach notification from Suncoast Skin Solutions, it means that your personal and medical information is now in the hands of an “unauthorized party.” As we’ve discussed in other posts, this necessarily puts you at a significantly increased risk of identity theft and other frauds. How hackers were able to access your information and whether there was more that Suncoast could have done to prevent the attack remain unanswered questions. However, depending on the outcome of the pending investigation, victims of the Suncoast Skin Solutions breach may be able to pursue a data breach lawsuit against the company to compensate them for the future risk of identity theft they now face.
What We Know About the Suncoast Skin Solutions Data Breach
The available information regarding the Suncoast Skin Solutions breach comes from the company’s filing with the Maine Attorney General’s office. According to this source, on July 14, 2021, Suncoast Skin Solutions learned that some of the company’s computer systems had been encrypted by an unknown party. In response, Suncoast took steps to secure its computer systems and then began working with outside cybersecurity specialists in hopes of learning more about the nature and scope of the incident as well as whether any patient information was exposed.
The company’s preliminary investigation concluded on October 14, 2021, and confirmed that some files on the Suncoast network were accessed by an unauthorized party. However, Suncoast’s live Electronic Medical Record (“EMR”) system was not among the accessible files.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Suncoast Skin Solutions began to review the affected files to determine what information was compromised and which consumers were impacted. The company completed the first stage of this process in November 2021; however, “due to the nature and size of the potentially impacted data, the data mining process” took an additional ten months, concluding in October 2022. While the breached information varies depending on the individual, it may include your name, date of birth, Social Security number, clinical information, doctor’s notes, and other treatment information.
On December 6, 2022, Suncoast Skin Solutions sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. The Maine Attorney General reports that the Suncoast Skin Solutions data breach affected the sensitive information of 75,992 individuals.
Founded in 2008, Suncoast Skin Solutions is a dermatological practice based in Brandon, Florida. The company offers a wide range of dermatology services, with an emphasis on the prevention and treatment of skin cancer. The practice performs Mohs surgery, as well as other medical dermatological and non-medical dermatological services. Suncoast operates 18 offices across Florida, including in Brandon, Brooksville, Clearwater, Daytona Beach, Hudson, Largo, Lecanto, Leesburg, Lutz, Ocala, Palm Harbor, Punta Gorda, Riverview, Sarasota, Seminole, St. Petersburg, Tampa, and Winter Haven. Suncoast Skin Solutions employs more than 83 people and generates approximately $26 million in annual revenue.
