Plastic surgeons and their patients are being targeted by cybercriminals, the U.S. Federal Bureau of Investigation has warned.
The cyberattacks have included extortion attempts in which private patient images are illegally accessed, to be divulged publicly if a ransom isn’t paid by the patient or plastic surgery practice concerned.
The #FBI released a Public Service Announcement (PSA) warning the public about cybercriminals who target plastic surgery offices to obtain sensitive medical records. Learn how to protect yourself: https://t.co/n9XfcnfMBc pic.twitter.com/zVaMs6Bp87
— FBI (@FBI) October 26, 2023
The FBI warned that the multi-faceted scam begins when criminals gain illegal access to private healthcare information, such as sensitive patient photographs.
Social engineering and social media are then leveraged by the hackers to obtain additional data for extortion. By way of example, hackers may first leak a patient’s sensitive photographs to his or her close acquaintances to prove the hacker actually has them.
Finally, the surgeons and patients whose private and protected images, documents, or property were illegally obtained are contacted by the perpetrators, who demand money or favor in exchange for keeping the hacked information private.
“Cybercriminals tell victims they will remove and stop sharing their [electronically protected health information] only if an extortion payment is made.”
U.S. FBI, October 17, 2023
Plastic surgeons Dr. Gary Motykie and Drs. David and Eugene Kim were the subject of two such cyberattacks in June of this year.
In Motykie’s case, $2.5 million was demanded in exchange for keeping patient images and other sensitive material private, DataBreaches, LLC, reported.
"Dr. Gary Motykie was allegedly issued with a ransom demand of $2.5 million. When payment was not received, the threat actor started publishing the stolen data, including topless images of patients along with personal information such as names, birthdates, email addresses, phone…
— Rob Cheng 🇺🇸 (@chengrob) July 18, 2023
The FBI advises that plastic surgeons and their patients enhance their personal privacy and safety, specifically through the following:
- Social media:
  - Review profile settings in your social media accounts to strengthen privacy.
  - Preferably, make your account private and limit what can be posted by others on your profile.
  - Audit friend lists to ensure they consist of and are visible to people you know.
  - Only accept friend requests and follows from people you know.
  - Enable two-factor authentication to log in.
- Passwords:
  - Secure accounts (e-mail, social media, financial, bill pay) by creating unique and complex passwords for login; consider using a password manager to help you remember them.
- Bank Accounts:
  - Monitor bank accounts and credit reports for any suspicious activity; consider placing a fraud alert or security freeze on your credit reports to prevent unauthorized access.
The FBI also asks that victims of such cybercrimes report any incident or suspicion to the FBI IC3 at www.ic3.gov, with as much information as possible.