Plastic surgery patients at risk after ransomware attack

Graham Cluley @gcluley

Plastic surgery patients at risk after ransomware attack

Companies and organisations are being hit by ransomware attacks all the time. And, normally, the impact on current and former customers of the affected firms are more likely to be inconvenienced rather than be put in any direct peril themselves.

But the nature of ransomware is changing, as online criminals might seek to not just extort money by encrypting an organisation’s data files but also threaten to find other ways to monetise data they might have stolen from compromised computer systems.

Take The Center for Facial Restoration (TCFFR) in Miramar, Florida, for instance. As the owner of the plastic surgery, Richard Davis MD, explains on its website, the organisation was hit by ransomware in November 2019:

Ransomware advisory

“On November 8, 2019, I received an anonymous communication from cyber criminals stating that my “clinic’s server (was) breached”. The hackers claimed to have “the complete patient’s data” for TCFFR that “can be publicly exposed or traded to third parties”. They demanded a ransom negotiation, and as of November 29, 2019, about 15-20 patients have since contacted TCFFR to report individual ransom demands from the attackers threatening the public release of their photos and personal information unless unspecified ransom demands are negotiated and met.”

Going to a plastic surgeon for some rhinoplastery (“nose job”) can be a deeply personal decision, and many people may feel highly uncomfortable with the notion that hackers not only know their personal information, but also might have photographs of their “before” and “after”. One can easily imagine that things become even more uncomfortable if it’s other parts of your body that you’ve had “tweaked”.

And clearly the criminals in this case aren’t bluffing. The Center for Facial Recognition says that within three weeks of being threatened by the extortionists, up to 20 patients have been contacted by the criminals with individual demands for payment.

Victimisation of past and current clients could go on for years. TCFFR believes that up to 3,500 patients have had their personal information stolen, including scans of driver’s licenses (and passports for foreign nationals), home addresses, email addresses, telephone numbers, insurance policy numbers, and partial payment card details.

All are advised to keep a close eye on their financial transactions in case of any suspicious activity.

Dr Davis apologised for the incident:

“I am sickened by this unlawful and self-serving intrusion, and I am truly very sorry for your involvement in this senseless and malicious act.”

I would feel pretty sick too.

Cosmetic surgery patients put an enormous amount of trust in those who are giving them a quick nip and tuck. Not only to do a good job, but also to exercise discretion about their past and present patients.

The last thing anyone considering surgery needs is to find they also have to weigh up whether they’re likely to be putting their privacy and financial security at risk by signing on the dotted line.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.