CyberCrimeSecuritySecurity Management

Plastic Surgery Photos Published After Clinic Hack

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Personal surgical pictures of British citizens among thousands published after Lithuanian clinic hack

Personal pictures have been published to the dark web after a plastic surgery clinic in Lithuania was hacked back in March.

It seems that 25,000 photos were published after the hackers demanded a 344,000 euros (£300,822) ransom, but the Grozio Chirurgija clinic in Lithuania refused to pay.

And it is reported in some media outlets that the photos, which were uncensored ‘before and after’ photos of cosmetic procedures, included intimate photos and data of more than 1,500 British citizens.

data breach, security breachesData Breach

During the data breach at the clinic, the hackers were able to obtain not just private photos but also passport and credit card details after they access the clinic’s database.

Patients Denmark, Germany, Norway and the UK reportedly received ransom demands up to 2,000 euros (£1,737) each.

Lithuanian Criminal Police Bureau’s deputy chief, told reporters including the BBC that the hackers had initailly demanded a “small penalty fee” (344,000 euros) for having vulnerable computer systems.

But when the clinic refused to pay, the hackers then published the data they had stolen.

Lithuanian police identified a hacking group called Tsar Team as being behind the theft and publication of the data.

“It’s extortion. We’re talking about a serious crime,” Andzejus Raginskis, Lithuanian Criminal Police Bureau’s deputy chief, was quoted as saying.

He then apparently warned that anyone who downloaded and stored the stolen data could be prosecuted and face a prison sentence of up to three years. They are working with European police forces on the investigation.

The clinic for its part has warned clients not to open or download anything sent by the blackmailers and to immediately inform the police of any suspicious texts or emails they have been sent.

Ransomware Plague

Ransomware has become the most common piece malware that people typically encounter. Last week for example numerous NHS systems and organisations around the world were crippled by the Wannacry ransomware.

But the message is getting through to some organisations not to give in to the ransom demands from the hackers.

Earlier this month Disney refused to pay a ransom in exchange for hackers not releasing a copy of Pirates Of The Caribbean: Dead Men Tell No Tales across the Internet.

Quiz: Are you a security pro?