Hackers on Tuesday publicly posted more than 25,000 files and private images stolen from a Lithuanian plastic surgery clinic, including nude and “before-and-after” photos, after attempting to financially extort the medical facility and its clients, according to multiple reports.
The clinic, Grozio Chirurgija (which in English translates to “Cosmetic Surgery”), has released a statement acknowledging the disastrous breach, which was perpetrated by a hacking collective called “Tsar Team.” It is unclear at this time if this group is affiliated with the allegedly Russian government-backed threat group Fancy Bear, which sometimes goes by the alias “Tsar Team,” or if this is merely a coincidence.
In addition to patient images, some of which belong to celebrities, the hackers reportedly also published passport scans, insurance and address information and social security numbers. Prior to the May 30 dump, the hackers released several hundred images in March, some reports have noted.
In its statement, Grozio Chirurgija urges victims not to open or download information or visit links provided by the blackmailers or unknown parties. It also advises victims to report to the appropriate web administrators if they see their data published or referenced online, and to alert the police if they have been contacted by the criminals.
Various news outlets have reported that the perpetrators earlier this year tried to blackmail patients in the U.S., Denmark, Germany, the U.K., Norway, and other European countries.
Citing Andzejus Raginskis, deputy chief of Lithuania’s criminal police bureau, an ABC News report states that victims were asked to pay up to 2,000 euros, or more than $2,200, to ensure that their images and data would not be doxxed online. Additionally, the clinic itself refused a ransom demand of 344,000 euros ($385,000+) to prevent the data dumping, the ABC report continues.
A different article by the International Business Times cited different figures, reporting that the clinic was blackmailed for 300 Bitcoins, or nearly $700,000.
“A new common theme… being conducted by hackers is to seek to damage the company in any way possible when their demands are not met,” said Paul Calatayud, chief technology officer at security management firm FireMon, in emailed comments. “Medical test results and health conditions do not have value on the black market, but pictures of patients, or divulging medical conditions such as HIV, would cause great harm to those patients if made public, and this holds value to those institutions charged with protecting these secrets.”
SC Media has reached out to the Lithuanian police for more details. SC Media also reached out to the FBI to confirm if any Americans reported receiving a ransom demand.
Shortly after the incident involving Grozio Chirurgija, news broke of another data breach affecting a plastic surgery clinic – this on based in Beverly Hills, Calif. In a June 1 online statement, Advanced ENT Head & Neck Surgery disclosed that disgruntled former employee allegedly stole corporate documents and customers’ payment card information, IDs, copies of checks, usernames and passwords. The perpetrators also allegedly secretly recorded conversations and photographed patients’ before and during surgery, later uploading these images onto social media.
As many as 15,000 medical files were stolen, according to a report from CBS Los Angeles, and patients from at least 16 U.S. states and three foreign countries are said to be affected, including celebrities. Reports do not specifically reference anyone electronically hacking the clinic to obtain the stolen files.
UPDATE: SC Media updated this article to include news of a breach involving a Beverly Hills plastic surgery clinic.