Hackers threaten to leak data from celebrity plastic surgery clinic

  • 26 October 2017
Hackers threaten to leak data from celebrity plastic surgery clinic

Hackers are threatening to release customer data from a plastic surgery clinic in London known for its roster of high-profile clients.

A group known as The Dark Overlord was able to access sensitive information from London Bridge Plastic Surgery Clinic after breaching its IT systems on 24 October.

According to V3, the hackers have threatened to release the stolen data, which is reported to include intimate photos of clients, unless an undisclosed ransom is paid.

The group has suggested that the data it has stolen includes information on members of the British Royal Family.

London Bridge Plastic Surgery Clinic confirmed that an attack had taken place on Tuesday. A spokesperson said that the clinic “took measures to block the attack” immediately after being made aware of the breach, but was unable to prevent data being stolen.

“We are still working to establish exactly what data has been compromised”, the spokesperson said in a statement. “The group behind the attack are highly sophisticated and well known to international law enforcement agencies having targeted large US medical providers and corporations over the past year.

“We are horrified that they have now targeted our patients. Security and patient confidentiality has always been of the utmost importance to us. We invest in market-leading technology to keep our data secure and our systems are updated daily. We are deeply saddened that our security has been breached.”

Research published by Accenture earlier this year revealed that 13% of respondents in England had been the victim of personal medical data theft, a topic that has seen increased attention since the infamous WannaCry cyberattack on NHS services in May 2017.

Metropolitan Police are now investigating the incident. A spokesperson from the Information Commissioner’s Office told Digital Health News that it too was aware of the cyber attack and was looking into the details.

“All organisations are required under data protection law to keep people’s personal data safe and secure”, they said.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

How to equip NHS staff with cyber security skills they will use

How to equip NHS staff with cyber security skills they will use

Too often, cyber security training is a seen as a burden. But it is possible to make it relevant and useful, writes Nasser Arif.
Cheshire and Merseyside ICS selects cyber security platform

Cheshire and Merseyside ICS selects cyber security platform

Cheshire and Merseyside Integrated Care System has selected a healthcare cyber security platform from Cynerio to strengthen its defences.
How to find your inner ‘cyber defender’

How to find your inner ‘cyber defender’

A "back to basics" and "honest" approach to personal cyber security can help NHS staff make larger improvements at work, writes Nasser Arif.