Cybercriminals are targeting plastic surgery practices with ransomware, using stolen sensitive information to force businesses to pay the ransom. Organisations and their employees are being urged to tighten up their cyber security, work on their online privacy and be vigilant when receiving emails and social media messages.
The warning was issued by the Federal Bureau of Investigation (FBI) earlier this week, BleepingComputer reported.
According to the FBI’s warning, hackers are calling plastic surgery offices and asking for active email addresses. They then contact the staff via email and try to trick them into downloading and running ransomware. They use the resulting access to steal sensitive information: personally identifiable information, but also sensitive medical records, which in some cases include intimate photos.
They then combine this information with other data about the victims available elsewhere on the internet, such as social media information (Facebook, Instagram, Twitter and the like).
The final step is to contact plastic surgeons and patients, threatening to publish the data online unless they pay a ransom. In some cases, the attackers would send the information to close family or friends to put even more pressure on the victim.
In a statement to BleepingComputer, the American Board of Plastic Surgery said it was actively working with the FBI on the issue. “As the FBI is the primary investigator, the Board cannot comment at this time on the extent of the numbers involved,” it said.
The FBI’s warning also includes some suggestions on how to stay safe. The law enforcement agency advised plastic surgeons to configure their social media profiles for maximum privacy and carefully analyse who they have on their friends/followers list. It also recommended having strong, regularly updated passwords and monitoring bank accounts and credit reports.