Sensitive data, including nude photographs, have been leaked online by hackers who recently breached a plastic surgery clinic in Beverly Hills, California.
It is the latest in a string of plastic surgery clinics getting hacked.
The clinic, run by Dr. Gary Motykie, claimed in a police report to the Los Angeles County Sheriff’s Department that it began receiving extortion threats in May. As noted by NBC Los Angeles, the hackers demanded that Dr. Motykie pay $2.5 million or else the clinic’s private data would be made public.
The leaked data, which began appearing online in June, included not only topless photos of patients but names, birthdates, email addresses, phone numbers, and financial information. Even private images of Dr. Motykie himself were present in the data cache.
One patient affected by the breach, Elaina Shaffy, has since filed a lawsuit against Dr. Motykie alleging negligence and intentional infliction of emotional distress.
“Not only have they compromised your financial, your personal, and then they’re seeing you in these vulnerable, horrible pictures,” Shafft told NBC Los Angeles. “Who wants anyone to see those photos?”
In a statement on the incident, Dr. Motykie confirmed that “the third-party responsible for this situation has made demands for money in exchange for information to be deleted.”
“We and law enforcement cannot guarantee that any payment will result in information being deleted or used in any way in the future,” the statement continued. “We have no control over what the third party is doing or other persons who are attempting to spread misinformation concerning this matter or taking steps to put the investigation and individuals in difficult situations.”
The incident is nearly identical to a case last month in which the ALPHV ransomware group leaked data from a plastic surgery clinic in Beverly Hills.
The doctors mentioned in ALPHV’s post, however, do not include Dr. Motykie. It remains unclear at this time if the two reports are linked.
Similar cases have taken place before. In late 2020, the cybercrime gang REvil threatened to release photos of patients from a leading cosmetic surgery company in the U.K.
Experts warn that cybercriminals are increasingly targeting smaller organizations, specifically those in the field of healthcare, in an effort to extort victims.