DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

More plastic surgery patients have their nude photos and information leaked

Posted on July 24, 2023 by Dissent

An unknown party or parties who created a leak site with nude photos and medical records of a well-known plastic surgeon’s patients have uploaded more of his patients’ photos and records.

In what was their third update to the leak site since June 5, those responsible wrote that they have changed their strategy. Before publishing any more of Dr. Gary  Motykie’s patients’ data, the patients will reportedly be given a chance to pay $2500 to get their data deleted and not made public.

They also note that the price for closing the website and deleting all data is $800 000, which they claim is  “4-5 months of Gary’s clinic work.” In an email to DataBreaches, they claim that they did not  — and do not — lock target’s systems. The price is for deleting data that they exfiltrated.

In that email, they also denied being affiliated with AlphV (who had also hit a plastic surgery group) or any other ransomware group. They claim that they are an independent group. They also reiterated a claim they had made in a previous email that the 3,461 patients reported to HHS do not include patients who had virtual consults with the doctor. DataBreaches has reached out to ask Dr. Motykie if his report to HHS did include virtual consult patients, but no reply was immediately available.

Other details they provided included their response to this site’s inquiry about access. They would not disclose initial access details, but they did disclose something about lateral movement: “It was as easy as it can be,” they wrote. “[the] clinic stored plain text passwords in file on their server and anybody on their network had an access to this file with passwords inside.”

Files attached to their email contained more than a dozen employee or staff login credentials from 2011-2013. Whether those credentials were still working in 2023 is unclear, and DataBreaches has sent them a follow-up inquiry as to whether those old credentials were still working at the time of the attack or if they found newer ones on the server. Either way, they say they no longer have access to the server.

One other question that DataBreaches posed to them concerned the very personal, NSFW sexually explicit videos involving Dr. Motykie and some other videos involving his brother in private moments with his girlfriend. When asked, those responsible for the leak site claimed that Dr. Motykie stored the explicit videos of himself on his work PC and stored the private and sensitive videos of his brother on his OneDrive. Whether Dr. Motykie had his brother’s consent to have or store those videos is unknown to DataBreaches, and the brother’s lawyer had not responded to inquiries.  DataBreaches has followed up by asking those responsible for the leak site whether the brother has contacted them at all to request they remove the videos of him.

Three leak sites with nude photos and medical records of plastic surgery patients continue to pose a serious risk to patient privacy as well as the risk of fraud or further blackmail attempts. Did these three surgery practices (Beverly Hills Plastic Surgery, Dr. Gary Motykie, and the Hankins and Sohn Plastic Surgery) adhere to the HIPAA Security Rule in how they protected patient data? Hopefully, HHS will investigate all of these incidents.

Related posts:

  • Two California plastic surgery practices suffer cyberattacks and embarrassing patient data leaks
  • Update: Leak site with plastic surgery patients’ data and sexually explicit videos removed
  • Another plastic surgery practice appears to have been hit — this time by Hunters International (5)
  • Now a third plastic surgery practice has nude patient photos leaked
Category: Breach IncidentsHackHealth Data

Post navigation

← Pointed to a phishing campaign targeting the healthcare sector, Microsoft leaps into action to … not even investigate?!
Umbreon Unplugged: Unraveling the Sequel to Failures →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.