Florida and Texas Healthcare Providers Report Ransomware Attacks

One of the most recent developments in the world of cybercrime is the tactic of threat actors deploying ransomware not only to encrypt files and stop data access, but also to obtain data and threaten to publish or sell the stolen data if the huge ransom demands are not met. This new tactic aims to increase the chance of victims paying the ransom.

The Center for Facial Restoration in Miramar, FL, is one of the biggest healthcare providers to suffer such an attack. Richard E. Davis MD FACS of The Center for Facial Restoration was sent a ransom demand on November 8, 2019, telling him that his clinic’s server had been breached and data had been illegally taken. The hacker said the data could be publicly exposed or sold to third parties if the ransom was not paid.

Dr. Davis submitted an official complaint with the FBI’s Cyber Crimes Center and met with the FBI agents looking into the attack. After the attack happened, Dr. Davis was contacted by around 15-20 patients who had also been contacted by the hacker and issued with a ransom demand. The patients were informed that their photographs and personal data would be released if the ransom demand was not met.

The substitute breach notice submitted by Dr. Davis’s clinic said that the compromised server contained the data of around 3,600 patients. While it is possible the hackers stole the files of all patients, there are reasons to suspect only a tiny number of patient photographs and personal data may have been illegally obtained.

It has taken some time to discover exactly which patients have been affected, as much of the data held on patients was stored as scanned patient intake forms rather than in a database. Each file had to be opened and reviewed manually, which was a painstakingly slow and labor-intensive task.

The range of data exposed was restricted to photocopies of driver’s licenses or passports, home addresses, email addresses, telephone contact details, insurance policy numbers, and credit card numbers, most of which only revealed the last 4 digits.

All patients that may have been impacted by the attack have now been notified and steps have been taken to enhance security, including replacing all hard drives and implementing new firewalls and anti-malware software. The ransom demand was not met.

Author: Maria Perez