$100 Million awarded Since 1994 6,000 Satisfied Clients

Posted On February 10, 2022 Consumer Privacy & Data Breaches

Data Breach Alert: Suncoast Skin Solutions

NOTICE: If you received a NOTICE OF DATA BREACH letter from Suncoast Skin Solutions, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.


Data Breach Alert

February 10, 2022 – Recently, Suncoast Skin Solutions announced a cyber security incident in which an unauthorized party encrypted certain documents stored on the company’s system. As a result of the Suncoast Skin Solutions data breach, the personal information of 57,730 individuals was compromised. Those impacted by a data breach should be sure they understand what happened, what their rights are, and how they can pursue them. The data breach lawyers at Console & Associates, P.C. are actively investigating the security breach. If an investigation reveals that Suncoast Skin Solutions failed to ensure the safety of consumer data leading up to the breach, the company may be liable through a data breach class action lawsuit.

Cyberattacks such as this one are increasingly common in today’s society. Today more than ever, businesses store data electronically. While there are certainly many ways to protect against cyberthreats, hackers have ways of identifying vulnerabilities in data security systems, which they can then exploit.

When a hacker breaches a company’s computer systems, they can steal sensitive consumer information from the compromised systems. While there is no guarantee that this information will be used for criminal purposes, that is not an uncommon occurrence. Thus, as a matter of course, after a company experiences a data breach, they will inform anyone whose information was compromised. Despite the risks data breaches present, many consumers fail to take precautionary measures to protect themselves from identity theft and other frauds.

Can Consumers Whose Data Was Leaked Pursue Legal Action Against a Company?

When you allowed Suncoast Skin Solutions access to your personal data, you trusted the company to keep your sensitive information safe. However, news of the Suncoast Skin Solutions data breach raises some very serious questions about the company’s data security measures and whether the company could have done more to prevent this type of cyber-attack.

Regardless of the industry, all businesses have a legal obligation to protect consumer information in their possession. Although creating and maintaining a data security system is costly, this is a necessary expense given the frequency with which cyberattacks occur.

Consumers whose personal, identifying, financial or healthcare-related data was compromised in a data breach can pursue legal action against a company that misused or mishandled their information. However, the investigation into the Suncoast Skin Solutions breach is only in its beginning phases. For that reason, it is too early to tell if Suncoast Skin Solutions was legally responsible for the breach. However, our data breach attorneys are investigating the Suncoast Skin Solutions security breach to determine the potential legal remedies of those affected.

If you have questions about your ability to pursue a data breach class action lawsuit against Suncoast Skin Solutions, contact a data breach attorney as soon as possible.

What to Do If You Received a Data Breach Notification from Suncoast Skin Solutions

If you receive a data breach notification from Suncoast Skin Solutions in the coming weeks, it means your personal data was among that which was compromised in the recent cyberattack. It also means a cybercriminal had access to—and may have stolen—your personal data. Given the risks involved, it is important you remain vigilant by taking the following steps:

    1. Figure Out What Information Was Stolen: Carefully review the data breach letter sent by Suncoast Skin Solutions keeping in mind the information you provided to the company as well as the type of data that was compromised in the breach. You should also take a copy of the data breach letter and keep it for your records. Of course, data breach letters are not always easy to understand. A consumer privacy lawyer can help victims of a data breach understand what was compromised and how to protect themselves.
    2. Prevent the Hacker from Accessing Your Accounts: Once you determine the scope of the breach and how it affected you, the next step is to take all steps to prevent cybercriminals from accessing your credit or financial accounts. For example, you should change all passwords and security questions for your online accounts. You should also consider setting up multi-factor authentication where it is available.
    3. Protect Your Credit and Your Financial Accounts: In the wake of a data breach, companies usually provide free credit monitoring services for a specified period of time. This is not a gimmick, and you do not give up any rights by taking a company up on their offer. Additionally, you should contact one of the three main credit bureaus to request a copy of your credit report. Even if you do not notice any signs of fraud or unauthorized activity, it is a good idea to request a fraud alert. Fraud alerts are free and serve as a red flag to potential lenders and creditors that your information was compromised.
    4. Consider a Credit Freeze: A credit freeze prevent access to your credit report unless you specifically authorize it. Credit freezes are free and last until you remove them. While placing a credit freeze on your accounts may initially seem like a drastic measure, according to the Identity Theft Resource Center (“ITRC”), doing so is the “single most effective way to prevent a new credit/financial account from being opened.” However, ITRC reports that just 3% of consumers whose information is leaked place a freeze on their accounts. Once a credit freeze is in place, you can temporarily lift the freeze if you need to apply for any type of credit.
    5. Regularly Monitor Your Credit Report and Financial Accounts: Protecting yourself in the wake of a data breach is not a one-time task. You should continually monitor your credit report and all financial accounts, keeping an eye out for any signs of unauthorized activity or fraud. You may also consider calling your banks and credit card companies to report the fact that your information was compromised in a data breach.

About Suncoast Skin Solutions

Suncoast Skin Solutions (“Suncoast Skin Solutions”) is a dermatology practice that provides surgical, medical, and cosmetic dermatological care to patients through 22 offices located throughout Florida. Suncoast offers customers a variety of services, including skin cancer treatment, Mohs surgery, medical dermatology, and cosmetic dermatology. The company is based in Lutz, Florida.

The Details of the Suncoast Skin Solutions Data Breach

According to an official notice filed by the company, on July 14, 2021, Suncoast Skin Solutions learned that an unauthorized party encrypted certain files on the company’s network and may have gained accessed consumer data located.  Once Suncoast Skin Solutions learned of the possible cyberattack, it initiated an internal investigation. On October 14, 2021, the investigation confirmed that the company was the victim of a may have been viewed by the unauthorized party.

Upon learning of the extent of the security breach, Suncoast Skin Solutions then reviewed the affected files to determine what information was compromised. On November 8, 2022, the company confirmed that the information may have included certain consumers’ protected health information. While the compromised information varies by consumer, it may include their name, date of birth, clinical information, doctor’s notes, and other limited treatment information. According to one source, approximately 57,730 consumers are believed to have been affected by the breach.

More recently, Suncoast Skin Solutions began sending out data breach notification letters to all individuals whose information was contained in the affected files.

Below is a portion of the Suncoast Skin Solutions online notice regarding the data breach. The complete version can be found here.

Dear [Consumer],

Suncoast Skin Solutions (“Suncoast”) has become aware of an incident that may have exposed some limited patient data, including names, dates of birth, clinical information, and other limited treatment information. Suncoast takes its patients’ privacy very seriously and has taken steps to notify any patients who may have been affected by this incident. Suncoast sincerely regrets any inconvenience that this incident may cause and remains dedicated to protecting patients’ personal information.

What Happened: On July 14, 2021, Suncoast discovered that some of its systems were encrypted by an unknown party.  Suncoast acted quickly to prevent the encryption of all of its systems. Suncoast promptly hired a specialized cybersecurity firm to conduct a forensics investigation to determine the nature and scope of the compromise. The forensic investigation concluded on October 14, 2021. Suncoast then did a preliminary review of their systems to determine if patient information was potentially compromised that concluded on November 8, 2021.   Meanwhile, Suncoast is engaging a third party vendor to review the impacted systems in an effort to identify specific individuals whose information may have been impacted.

What Information Was Involved: Personal data including patients’ name, date of birth, clinical information, doctor’s notes, and other limited treatment information may have been viewed by an unauthorized individual. At this time, Suncoast has no reason to believe that any personal information of Suncoast’s patients has been misused as a result of this incident. Out of an abundance of caution, Suncoast notified the patients potentially impacted by the incident.

What We Are Doing: In response to this incident, Suncoast has taken the following steps: engaging a third party vendor to review its cyber security procedures and transferring all of its patient data to an encrypted system.

What You Can Do: Upon discovery of this incident, Suncoast is in the process of obtaining complimentary credit monitoring for certain impacted individuals. Suncoast will contact you by mail if your information was impacted and you are entitled to credit monitoring. Meanwhile, Suncoast refers you to the Additional Important Information section of this letter, which provides you with further information to obtain your credit report, place fraud alerts and freeze your credit.

Suncoast sincerely regrets any inconvenience that this incident may cause to its clients and remains dedicated to protecting their information.


NOTICE: If you received a NOTICE OF DATA BREACH letter from Suncoast Skin Solutions, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.