Plastic surgery groups continue to be an attractive target for threat actors, and this week we learned that Transform Hospital Group in the U.K. has been attacked by REvil (Sodinokibi) ransomware threat actors. As proof, REvil posted some screenshots of directories (a portion of one appears below).
In a post on their dark web leak site, REvil claims that they exfiltrated about 600 GB of “the most important documents, personal data of customers, as well as intimate photos of these customers (this is not a completely pleasant sight:))” and are threatening to post the first batch of files next week, which they describe as:
Pacient Personal – 20гб
TMG OFFICIAL Documents – 50гб
The “Pacient Personal – 20гб” entry appears to relate to a 20 GB folder called “Pacient Record” (гб is Russian for GB). The “TMG OFFICIAL Documents” entry refers to another folder on the drive, about 50 GB in size.
Looking at the screenshots, it may be that the data exfiltration occurred on or about December 6th.
A spokesperson for Transform Hospital Group provided the following statement to DataBreaches.net:
We can confirm that our IT systems have been subject to a data security breach. None of our patients’ payment card details have been compromised but at this stage, we understand that some of our patients’ personal data may have been accessed. We have alerted all of our patients to the incident and will be providing them with regular updates as the picture becomes clearer. We have secured our systems and a full investigation is underway to understand the extent of the incident. We are working with the National Cyber Security Centre, Information Commissioner’s Office, cyber security experts and the police to resolve the situation as quickly as possible.
DataBreaches.net will continue to monitor this incident for updates.