Cybercriminals are targeting plastic surgery offices with ransomware and using stolen sensitive information to pressure companies to pay the ransom. Organizations and their employees are urged to strengthen cybersecurity, work on their privacy online and be vigilant when receiving email and social media messages.
This warning was issued earlier this week by the Federal Bureau of Investigation (FBI), BleepingComputer reported.
According to the FBI warning, hackers are calling plastic surgery offices and asking for active email addresses. They then reach out via email, attempting to trick the employees into downloading and running ransomware. They would then use the access to steal sensitive information, personally identifiable data, as well as sensitive medical records that in some cases contained intimate photos.
Peer pressure
They then linked this information to other data about the victims, which was available elsewhere on the Internet. This includes information on social media (Facebook, Instagram, Twitter) and the like.
The final step is to reach plastic surgeons and patients and threaten to release the data online unless they pay an extortion demand. In some cases, the attackers sent the information to close family members or friends to put further pressure on the victim.
In a statement issued to BleepingComputerthe American Board of Plastic Surgery said it was actively working with the FBI on this. “As the FBI is the lead investigator, the Council cannot comment on the extent of those affected at this time,” the report said.
The FBI’s warning also includes some suggestions on how to stay safe. The law enforcement agency advised plastic surgeons to configure their social media profiles for maximum privacy and carefully analyze who they have in their friends/followers list. Having strong, regularly updated passwords is also a recommendation, as is checking bank accounts and credit reports.