A ransomware gang released what it says are nude patient photos as part of an effort to extort a Beverly Hills-based plastic surgeon.
The group, known as Hunters International, shared four sample photographs to its site on the dark web along with a post about the targeted doctor and his privacy policy.
“Patients of Mr. Schwartz’s clinics are top management of various organizations, bloggers, businessmen, influencers and other ‘not ordinary’ individuals,” the post said. “Mr. Schwartz charges $500 for the initial appointment. ‘As our patient, we want you to know that we respect the privacy of your personal medical information and will do all we can to secure and protect your privacy.’”
In a follow-up post, the group stated that it was preparing to release patient emails before calling on the surgeon to “contact us ASAP.”
The post also suggests that the hack could include more than 248,000 files in total. The clinic has offices in both Beverly Hills and Dubai,
The Daily Dot located what appears to be the website for the doctor in question but did not receive a response after reaching out for questioning. Examination of the doctor’s social media profiles do not mention the alleged hack.
As noted by Brett Callow, a threat analyst for the cybersecurity firm Emsisoft, the FBI cautioned just last week that cybercriminals are increasingly targeting plastic surgery clinics.
“The FBI is warning the public about cybercriminals who target plastic surgery offices, surgeons thereof, and patients to harvest personally identifiable information and sensitive medical records, to include sensitive photographs in some instances,” the FBI said. “Once successful, cybercriminals use social engineering techniques to enhance the harvested data and extort individuals for cryptocurrency.”
The alleged hack by Hunters International would not be the first such clinic to be extorted by ransomware gangs.
The cybercrime group ALPHV, commonly referred to as BlackCat, threatened in June to release photos from another clinic in Beverly Hills as well. And in late 2020, the cybercrime gang REvil similarly threatened to release patient photos after breaching a leading cosmetic surgery company in the U.K.
It remains unclear how much money Hunter Internationals is seeking from the clinic in exchange for allegedly keeping its data offline.