Hackers hit plastic surgery, threaten to release patient list and photographs

London Bridge Plastic Surgery & Aesthetic Centre (LBPS) in Wimpole Street, London, is a favourite haunt of surgery-addicted celebrities seeking facelifts and breast augmentations.

Famous clients include publicity-shy glamour model/author/reality TV star Katie Price, who just a few months ago made a video endorsing the surgery for her “silhouette face lift”.

The cosmetic surgery has embraced social media, even going so far as to broadcast breast implant operations live on Snapchat.

Chances are, however, that most of LBPS’s clients wouldn’t feel happy with the world knowing that they’ve “had some work done”, and would certainly prefer that any private photographs of their wobbly or intimate body parts did not fall into the hands of the public.

However, that’s precisely the risk – after it was revealed that a notorious hacking gang had broken into the cosmetic surgery’s network and stolen sensitive data and photographs.

The Dark Overlord, which has previously attempted to blackmail many organisations – including the likes of Netflix (over stolen episodes of TV prison drama “Orange is the New Black”), and Gorilla Glue, as well as leaking information from hacked investment banks and published millions of healthcare records – has claimed that the hacked information may even include details of members of royalty.

A statement published on LBPS’s website confirmed that a data breach had occurred:

“We took measures to block the attack immediately in order to protect patient information and we informed the Metropolitan Police who launched an investigation. Regrettably, following investigations by our IT experts and the police, we believe that our security was breached and that data has been stolen. We are still working to establish exactly what data has been compromised.”

“Security and patient confidentiality has always been of the utmost importance to us. We invest in market-leading technology to keep our data secure and our systems are updated daily. We are deeply saddened that our security has been breached.”

“We are profoundly sorry for any distress this data breach may cause our patients and our team are available around the clock to speak to anyone who has any concerns by calling 0203 858 0664.”

Sadly this isn’t the first time that have seen cosmetic surgeries targeted by hackers. Past cases have involved other plastic surgery clinics based in London as well as Lithuania.

The hack at London Bridge Plastic Surgery is being investigated by London’s Metropolitan Police.

But for the clinic’s patients that is going to be small relief. When we place our trust in organisations, and share with them our most personal information, we have an expectation that it will be properly protected and kept far from the grasp of criminal hackers through following security best practices – such as encryption, strong passwords, multi-factor authentication, and so forth.

Other cosmetic surgeries who wish to avoid hackers damage their public image would be wise to invest properly in security now, or face the consequences later.

Author Graham Cluley, We Live Security

  • chris

    Are any technical details known?

Follow us

Copyright © 2018 ESET, All Rights Reserved.