article featured image


A fresh cyberattack targeted a medical clinic and led to a Forefront Dermatology data breach that compromised the credentials of 2.4 million patients and employees.

Forefront Dermatology Data Breach Leads to Credentials’ Disclosure

DataBreaches.net has reported a new information leakage during a recent cyberattack that targeted Forefront Dermatology S.C, a Winsconsin-based dermatology clinic that has offices in Washington D.C. and other 21 states. The publication said that behind the attack is none other than the Cuba Ransomware Group because they discovered on the dark website of the gang 130 files containing data related to the company’s network, systems, and logins to health-care-insurance-websites.

What Data Has Been Leaked?

Forefront shared its input on their website, announcing the type of supposedly leaked data during the Forefront Dermatology data breach.

This includes data related to providers, patients, and employees:

  • Account numbers of patients;
  • ID code related to the healthcare insurance scheme;
  • Medical file numbers;
  • Service info;
  • Names of providers;
  • Name, birth date, and address of the patients;
  • Info on treatment.

However, there is NO evidence that this includes:

  • Financial Info;
  • Driver’s license number;
  • Social security numbers.

What Caused the Forefront Dermatology Data Breach?

Many of the leaked passwords were not strong enough to face this kind of cyberattack. They contained the word “Forefront” within and other included versions of “DAWderm1!.”.

Forefront company took immediate measures and started notifying patients, employees, and their compromised insurers.

Cuba Ransomware Group Back in the Game

Back in May, the Profero CEO, Omri Segev Moyal, observed that the method used by Cuba Ransomware groups consists of

symmetric ChaCha20 algorithm utilizes the symmetric ChaCha20 algorithm for encrypting files, and the asymmetric RSA algorithm for encrypting key information. As a result … files could not be decrypted without the threat actor’s private RSA key.


The same person also said that Cuba Ransomware Group has kept a low profile for a while, but now the new Forefront dermatology data breach proves they are back in the game.

Databreachtoday.com also mentions that some Group-IB researchers revealed in May the method that the group adopted by coopting the Hancitor malware downloader and using it lately together with Cuba ransomware to exfiltrate data and extort ransomware during a phishing campaign.

Gradually Discovering It

The investigation the clinic has conducted led to some discoveries, the company announced in the same notification.

The company’s IT network intrusion was firstly discovered on the 4th of June. They immediately took measures, went offline, made sure their systems were protected and sent a notification to law enforcement.

Researchers from Forefront came to some conclusions on the 24th of June. The results stated on their website point out that the Forefront Dermatology Data Breach happened between 28th May and 4th June with unauthorized threat actors obtaining access to the company’s network.

Author Profile

Andra Andrioaie

Security Enthusiast

linkedin icon

Hi! My name is Andra and I am a passionate writer interested in a variety of topics. I am curious about the cybersecurity world and what I want to achieve through what I write is to keep you curious too!