The same threat actors who were responsible for attacks on at least three plastic surgery practices that DataBreaches knows about reportedly hit a fourth one last year. Peter Senzamici reports:
Dozens of patients of a premier Manhattan plastic surgeon had their hacked nude images and social security numbers posted online — and the doctor failed to notify both his clients and the authorities, according to a class action lawsuit.
Dr. Richard Swift’s office, located on the monied Upper East Side, was hacked in an alleged malware attack last year, with a Russian-hosted website featuring sensitive information of at least 22 patients, the suit claims.
… Linda Q. was one of the clients, alleging that images of her breasts as part of a consultation were hacked and published online — and she only found out when the hackers reached out to her directly.
Read more at The New York Post.
The threat actors involved are the same individual(s) who previously attacked Gary Motykie, M.D., Hankins & Sohn Plastic Surgery Associate, and were responsible for the second cyberattack on Jaime Schwartz, M.D. As reported on this site, in each case, they published nude photos of the patients with their name, personally identifiable information, and details of their medical records. And in each case, they reached out directly to patients, offering to remove their pictures and details if the patients paid them directly.
The leak sites have been impossible to remove because the host does not cooperate with U.S. law enforcement.
According to the New York Post, the leak site is currently offline. Whether that means that Dr. Swift paid some extortion demand or not is unknown to DataBreaches.net.