PhyNet Dermatology recently notified the public of a data breach.
On July 29, 2025, PhyNet Dermatology LLC announced on its website that its affiliate, Total Vein & Skin LLC (which operates as Premier Dermatology Partners) has been the victim of a data breach. PhyNet currently provides administrative support to affiliates, which includes Total Vein & Skin.
PhyNet is now sending notices to potentially impacted individuals, along with information and next steps for victims.
According to the notice, impacted information varies but may include: full names, addresses, Social Security numbers, financial account information, dates of birth, medical history information, treatment information, diagnosis information, treating physician name, medical record numbers, and health insurance information.
PhyNet noted that the organization first became aware of suspicious activity on November 7th, 2024. The incident was related to an employee’s email account.
Once PhyNet became aware of the incident, the organization worked to secure its email environment and investigate the incident’s nature and scope. The investigation determined that “a limited number of email accounts were compromised,” resulting in information within them being viewed or taken. PhyNet then completed a review of the viewed or stolen information, which was completed on June 6th, 2025.
This incident would be considered a third-party breach, as Total Vein & Skin experienced a data breach as a result of a breach at PhyNet. The breach underscores the importance of working with trusted vendors and ensuring their cybersecurity standards are high. On top of this, organizations can audit their partners, which can help ensure any vulnerabilities are quickly rectified.
In this case, it’s clear that PhyNet should re-evalaute their email security standards. Email is a frequent vector for attack, but with the right cybersecurity software, like Paubox, these breaches can be easy to prevent.
For many small practices, it’s important to outsource certain administrative tasks, like medical billing or claims processing, which allows the smaller practice to focus its resources on providing care. In this case, Total Vein & Skin has a partnership with PhyNet for tasks like these.
While Total Vein & Skin may also reach out to patients, PhyNet’s notice stated that PhyNet will contact impacted individuals with information about the incident and next steps.
Email breaches can be caused by a variety of reasons. For instance, passwords can be hacked or discovered through brute force. In other cases, employees may fall victim to phishing attacks.