The FBI has issued an official warning that particular extortion groups are targeting plastic surgery offices.
In a type of photo blackmail scheme, extortionists are using malware to infiltrate office systems, obtain personal information, and, of course, demand money.
Let’s take a look at why plastic surgery offices have become a recurring target and what you can do as both a healthcare clinic – and a patient – to keep yourself safe.
According to the FBI warning, cybercriminals have repeatedly used spoofed emails and phone numbers to target plastic surgery offices across the United States. The technique is to use phishing attacks to spread malware. Once they have gained access to a plastic surgery office's network via email or phone, the extortionists steal data from the compromised systems. The final move is to extort surgeons and patients through blackmail.
Documents stolen in these breaches can contain very sensitive data, including personally identifiable information, sensitive medical records, and, in some cases, even intimate photographs taken for medical purposes.
After obtaining this data, criminals enrich the harvested electronic protected health information (ePHI) with open-source information, such as social media details, to make their extortion attempts more convincing.
The next step is for extortionists to reach out to patients and plastic surgeons by email, phone, social media, and text message and threaten to share sensitive ePHI unless the target pays the demanded cryptocurrency.
In some cases, criminals will even share sensitive data with victims’ family, friends, and colleagues, or post it on public-facing websites, to further pressure them into paying.
The attackers promise that they will stop sharing ePHI after receiving the demanded extortion payment.
Both healthcare offices and patients should take the following steps to ensure privacy and avoid extortion attempts on their personal information and patient data.
With a long history of providing IT services for healthcare clinics in the Greater Phoenix Area, we at PK Tech intimately understand the pressures of patient privacy. With extensive knowledge of HIPAA, we will help your clinic stay in compliance and protect your dedicated patient base.
Get in touch with the PK Tech team today if your clinic is looking to prioritize its cybersecurity in 2024.