PhyNet announces data breach from employee email account

PhyNet Dermatology recently notified the public of a data breach.  

What happened

On July 29, 2025, PhyNet Dermatology LLC announced on its website that its affiliate, Total Vein & Skin LLC (which operates as Premier Dermatology Partners) has been the victim of a data breach. PhyNet currently provides administrative support to affiliates, which includes Total Vein & Skin.

PhyNet is now sending notices to potentially impacted individuals, along with information and next steps for victims. 

According to the notice, impacted information varies but may include: full names, addresses, Social Security numbers, financial account information, dates of birth, medical history information, treatment information, diagnosis information, treating physician name, medical record numbers, and health insurance information. 

Going deeper

PhyNet noted that the organization first became aware of suspicious activity on November 7th, 2024. The incident was related to an employee’s email account. 

Once PhyNet became aware of the incident, the organization worked to secure its email environment and investigate the incident’s nature and scope. The investigation determined that “a limited number of email accounts were compromised,” resulting in information within them being viewed or taken. PhyNet then completed a review of the viewed or stolen information, which was completed on June 6th, 2025. 

The big picture

This incident would be considered a third-party breach, as Total Vein & Skin experienced a data breach as a result of a breach at PhyNet. The breach underscores the importance of working with trusted vendors and ensuring their cybersecurity standards are high. On top of this, organizations can audit their partners, which can help ensure any vulnerabilities are quickly rectified. 

In this case, it’s clear that PhyNet should re-evalaute their email security standards. Email is a frequent vector for attack, but with the right cybersecurity software, like Paubox, these breaches can be easy to prevent. 

FAQs

What does it mean for PhyNet to provide “administrative services?”

For many small practices, it’s important to outsource certain administrative tasks, like medical billing or claims processing, which allows the smaller practice to focus its resources on providing care. In this case, Total Vein & Skin has a partnership with PhyNet for tasks like these.  

Will Total Vein & Skin notify patients?

While Total Vein & Skin may also reach out to patients, PhyNet’s notice stated that PhyNet will contact impacted individuals with information about the incident and next steps. 

What causes semail breaches? 

Email breaches can be caused by a variety of reasons. For instance, passwords can be hacked or discovered through brute force. In other cases, employees may fall victim to phishing attacks.