Plastic surgery patients at risk after ransomware attack

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Plastic surgery patients at risk after ransomware attack

Companies and organisations are being hit by ransomware attacks all the time. And, normally, the impact on current and former customers of the affected firms are more likely to be inconvenienced rather than be put in any direct peril themselves.

But the nature of ransomware is changing, as online criminals might seek to not just extort money by encrypting an organisation’s data files but also threaten to find other ways to monetise data they might have stolen from compromised computer systems.

Take the Center for Facial Restoration (TCFFR) in Miramar, Florida, for instance. As the owner of the plastic surgery, Richard Davis MD, explains on its website, the organisation was hit by ransomware in November 2019:

Ransomware advisory

“On November 8, 2019, I received an anonymous communication from cyber criminals stating that my “clinic’s server (was) breached”. The hackers claimed to have “the complete patient’s data” for TCFFR that “can be publicly exposed or traded to third parties”. They demanded a ransom negotiation, and as of November 29, 2019, about 15-20 patients have since contacted TCFFR to report individual ransom demands from the attackers threatening the public release of their photos and personal information unless unspecified ransom demands are negotiated and met.”

Going to a plastic surgeon for some rhinoplastery (“nose job”) can be a deeply personal decision, and many people may feel highly uncomfortable with the notion that hackers not only know their personal information, but also might have photographs of their “before” and “after”. One can easily imagine that things become even more uncomfortable if it’s other parts of your body that you’ve had “tweaked”.

And clearly the criminals in this case aren’t bluffing. The Center for Facial Recognition says that within three weeks of being threatened by the extortionists, up to 20 patients have been contacted by the criminals with individual demands for payment.

Sign up to our free newsletter.
Security news, advice, and tips.

Victimisation of past and current clients could go on for years. TCFFR believes that up to 3,500 patients have had their personal information stolen, including scans of driver’s licenses (and passports for foreign nationals), home addresses, email addresses, telephone numbers, insurance policy numbers, and partial payment card details.

All are advised to keep a close eye on their financial transactions in case of any suspicious activity.

Dr Davis apologised for the incident:

“I am sickened by this unlawful and self-serving intrusion, and I am truly very sorry for your involvement in this senseless and malicious act.”

I would feel pretty sick too.

Cosmetic surgery patients put an enormous amount of trust in those who are giving them a quick nip and tuck. Not only to do a good job, but also to exercise discretion about their past and present patients.

The last thing anyone considering surgery needs is to find they also have to weigh up whether they’re likely to be putting their privacy and financial security at risk by signing on the dotted line.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.