Brevard Skin & Cancer Center 2025 Data Breach

Brevard Skin and Cancer Center Dermatology Breach (2025): 215K Patient SSN & Home Address Records Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

PEARRansomwareMedicalEmail AddressFull NamePhone NumberPhysical AddressSocial Security Number
High SeverityWebsite / service breach

Brevard Skin and Cancer Center Dermatology Breach (2025): 215K Patient SSN & Home Address Records Exposed

Dermatology and skin cancer treatment practice.

Verified by ObscureIQ Intelligence
69/100Breach Risk Index
30Data Value
40Market Recency
184dSince Breach

Breach Intelligence Summary

Entity: Brevard Skin & Cancer Center · Actor: PEAR · Sources: 2 references
Attack: Ransomware
Profile: Healthcare provider · Dermatology and cancer treatment services · Specialty clinic network · USA
Timeline: Breach (2025-10-10) · Indexed (Oct 25, 2025) · Year (2025)
Exposure: 215K records · 5 fields: Email Address, Full Name, Phone Number, Physical Address, Social Security Number
Status: Reported

Executive Summary

Brevard Skin and Cancer Center, a Florida-based dermatology and skin-cancer treatment practice operating five locations in Brevard County, suffered a data exfiltration attack on September 28, 2025. The practice discovered the intrusion on October 14, 2025 and engaged outside cybersecurity specialists. The PEAR ransomware group claimed responsibility on October 10, 2025 by listing Brevard on its dark-web leak site and asserting it had exfiltrated approximately 1.8 terabytes of data. PEAR is a relatively new threat actor that surfaced in August 2025 and specializes in data theft and extortion without file encryption.\n\nThe breach affected approximately 55,500 individuals according to the Maine Attorney General notification. Compromised fields include names, dates of birth, home addresses, phone numbers, email addresses, Social Security numbers, diagnosis and clinical information, and billing and claims data. PEAR's leak-site posting indicated the underlying archive also includes financial records, HR data, vendor and partner information, mailboxes, email correspondence, and database exports beyond the patient-data subset.\n\nFor affected patients, the practical risk profile combines severe identity-fraud exposure with dermatology and oncology-specific risks. The pairing of name, address, date of birth, and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Inclusion in the dataset confirms the existence of a dermatology or skin-cancer care relationship, which can support medical-themed scams referencing real treatments, biopsies, or insurance claims. Patients with skin-cancer diagnoses are unusually attractive targets for emotionally manipulative phishing because their care relationships often involve high anxiety. Affected individuals should accept the IDX credit monitoring offered by Brevard, freeze credit at all three U.S. bureaus, monitor health-insurance statements, and treat unsolicited contact referencing the practice, dermatology treatments, or insurance verification with caution.

ObscureIQ assessment: Severe risk. Exposure can enable identity theft and medical fraud, but also significant privacy harm because cancer or dermatology treatment status may itself be highly sensitive.

Breach Impact

The institutional impact on Brevard Skin and Cancer Center is meaningful given the practice's size and the depth of the leaked data. Federal HIPAA notification obligations, an Office for Civil Rights review, multistate attorney-general filings, and class-action litigation discussions are all in motion. PEAR's claim that the stolen archive includes financials, HR records, vendor and partner data, mailboxes, email correspondence, and database exports adds enterprise-level exposure beyond standard patient-data risks. The reputational impact is concentrated within the Brevard County dermatology market, where the practice serves a substantial share of the local skin-cancer patient population. Operationally, Brevard secured its electronic environment and engaged cybersecurity specialists.

About Brevard Skin & Cancer Center

Brevard Skin and Cancer Center is a U.S.-based dermatology and skin-cancer treatment practice operating in Brevard County, Florida. The practice operates under the legal entity DRS Roberts & Bryan, P.A. and runs five clinical locations in Merritt Island, Rockledge, Titusville, Viera, and Palm Bay. Services include skin cancer detection and treatment, general dermatology, and treatment of skin, hair, and nail conditions. As a HIPAA-regulated specialty healthcare provider, Brevard Skin and Cancer Center maintains substantial volumes of protected health information including patient identity, contact, insurance, billing, diagnostic, and dermatologic and oncologic treatment records. The patient base reflects the demographics of Brevard County, with a population of approximately 630,000.

Why They Hold Your Data

Dermatology and cancer-treatment providers collect highly sensitive patient identity, insurance, billing, appointment, and diagnosis-related records tied to specialty care.

Recent Developments

Brevard Skin and Cancer Center identified the cybersecurity incident on October 14, 2025 and engaged third-party cybersecurity experts to investigate. The forensic review found that the unauthorized access began on September 28, 2025. The practice formally disclosed the incident to the Maine Attorney General on December 9, 2025 and began mailing patient notification letters on December 26, 2025. The PEAR ransomware group, which emerged in August 2025 and specializes in data exfiltration without file encryption, publicly claimed responsibility on October 10, 2025 and asserted it had stolen approximately 1.8 terabytes of data. Brevard reported the incident to the FBI and is offering twenty-four months of complimentary credit monitoring through IDX. Class-action investigations by U.S. plaintiff law firms began in late December 2025.

Data Points Exposed

5 verified field types
Email Address
Full Name High
Phone Number
Physical Address High
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Identity theft and synthetic identity construction using government-issued IDs
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Full identity theft & synthetic identity fraud

Threat Actor: PEAR

PEAR
Ransomware

Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
IdentityTheft.gov
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Brevard Skin & Cancer Center breach?

Brevard Skin and Cancer Center, a Florida-based dermatology and skin-cancer treatment practice operating five locations in Brevard County, suffered a data exfiltration attack on September 28, 2025. The practice discovered the intrusion on October 14, 2025 and engaged outside cybersecurity…

What data was exposed?

Verified fields include Email Address, Full Name, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation