The FBI is warning about an extortion scheme involving hackers targeting plastic surgery offices to steal data on patients.
By stealing the information, the hackers can then pressure the plastic surgeons and patients to pay up or have the data leaked. In some cases, the stolen medical records can include photos of the patient, the FBI adds, a likely reference to pre- and post-operation images.
Hackers have been infiltrating plastic surgery offices by using phishing messages designed to deploy malware. “Once successful, cybercriminals harvest electronically protected health information, (ePHI), which includes sensitive information and photographs,” the FBI says.
Using the stolen information, cybercriminals will research other details about the affected patients and the doctors at the plastic surgery office. This can include hacking the patient’s online accounts through social engineering techniques.
They’ll then bombard the patient or doctor with messages on social media, email, and text, asking for payment to prevent the compromised data from becoming public. “To exert pressure on victims for extortion payments, cybercriminals share the sensitive ePHI to victims' friends, family, or colleagues, and create public-facing websites with the data,” the FBI adds.
The tactic is nothing new. As far back as 2017, hackers have been targeting plastic surgery offices with the goal of extortion. But the new warning from the FBI suggests that law enforcement may have seen an increase in the activity in the US.
In July, the American Society of Plastic Surgeons warned about a ransomware gang that was launching a “concerted attack on plastic surgeons via phone solicitation and email.” To do so, the ransomware hackers tried to