Photos of exposed patients and medical records have been posted online by extortionists who hacked a Las Vegas plastic surgery, driving victims to file a lawsuit claiming not enough care was taken to protect their private information.
As 8 News Now reports, Hankins & Sohn Plastic Surgery in Las Vegas is being sued for "harm resulting from a data and privacy breach" after hackers claimed they had gained access to patients' names, contact details, dates of birth, social security numbers, drivers' license information, medical history, consultation notes, and photographs.
The first Hankins & Sohn knew of a cybersecurity incident was when it became aware of "suspicious activity" around February 23, 2023.
In a disclosure letter distributed in April the plastic surgery firm claimed that it had quickly taken steps "to investigate the validity of the claims, and to assess the nature and scope of the activity and what information may have been affected."
According to the class-action lawsuit, Hankins & Sohn is accused of not doing enough to "implement adequate and reasonable cyber-security procedures and protocols" necessary to protect patients' sensitive information.
Amongst the alleged victims is Jennifer Tausinga, who claims she was contacted via text in late March by one of the hackers who threatened to distribute her stolen information unless she paid a ransom.
According to documents filed with the court, when Tausinga refused to co-operate with the hacker photographs from her plastic surgery consultation were shared with her friends, colleagues, and neighbours.
Another victim, who received a threatening email from hackers in July that linked to a website containing exposed pre-and-post operation photos of herself, was told that she would have to pay a $800 ransom if she did not want the photographs shared with her co-workers and friends.
Other plaintiffs detail similar experiences in the lawsuit, and refer to the anxiety and mental anguish they have suffered from since the data breach which was only exacerbated when private details were published online.
"I didn't even want to leave my house. I didn't even want to talk to anybody," one victim told the media.
The FBI is investigating the data breach and extortion attempts, and according to victims it succeeded in taking down the website sharing the indecent photos and personal information. However, it is reported that last month new claims were published by the hackers online saying that the plastic surgery was refusing to co-operate, and that more patient details and photos would be released.
Hankins & Sohn says that it continues to work with law enforcement agencies to protect its patients' information, and to bring those responsible to justice.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsNovember 14, 2024
September 06, 2024