Cybercriminals Target Plastic Surgery Offices, Extorting Doctors and Patients
Hackers Capitalize on Sensitive Procedures For Ransom
Overt Operator
October 20, 2023
In a disturbing trend, cybercriminals are increasingly targeting plastic surgery offices, stealing medical records, and using them to extort doctors and patients. The FBI recently issued a public service announcement, alerting plastic surgery providers to the specific threat they face. Hackers capitalize on the sensitive nature of these procedures, threatening to expose personal information and explicit photographs unless a ransom is paid.
Data breaches have been reported by plastic surgery providers in California and South Dakota over the past few months. However, this issue extends beyond US borders, with plastic surgeons in Brazil and the UK falling victim to similar ransomware attacks in recent years.
This surge in cyberattacks on plastic surgery offices is just one example of the broader and deeper problem of healthcare cybersecurity. Shawn Surber, senior director of technical account management at Tanium, highlights the changing behavior of malicious actors towards healthcare providers.
"There was a time when malicious actors would 'take it easy' on healthcare providers," Surber said, as quoted by Dark Reading.
"However, in the last couple of years, that type of behavior has changed, and more healthcare accounts are coming under full attack."
Plastic surgeons and their patients make enticing targets for cybercriminals due to the financial nature of the business. Plastic surgery is a lucrative industry, often requiring upfront payment. This means that both surgeons and patients generally have significant disposable income and a strong interest in safeguarding their privacy, particularly to prevent potential embarrassment rather than concerns about identity theft.
Moreover, independent plastic surgery practices face unique challenges in terms of cybersecurity. These small offices often have limited, contracted IT support and frequently collaborate with private surgery centers that share similar limitations. As a result, physicians and surgery centers may communicate outside secure networks, making them vulnerable to cyberattacks.
To combat this growing threat, plastic surgery offices must prioritize cybersecurity measures. Implementing robust security protocols, such as multi-factor authentication, encryption, and regular data backups, is crucial. Additionally, training employees on cybersecurity best practices and raising awareness about potential threats can help prevent successful attacks.
The healthcare industry, as a whole, must recognize the urgency of enhancing cybersecurity measures. Collaboration between healthcare organizations, government agencies, and cybersecurity experts is necessary to develop comprehensive strategies that protect sensitive patient data and prevent cybercriminals from exploiting vulnerabilities.
As plastic surgeons and their patients continue to fall victim to cyberattacks, the need for proactive cybersecurity measures becomes even more critical. By investing in robust security measures and fostering a culture of cybersecurity awareness, the plastic surgery industry can protect the privacy and trust of both doctors and patients, ensuring the safety of their sensitive medical records.