Scammers are targeting plastic surgery clinics with extortion scams


Cybercriminals are targeting plastic surgery offices with ransomware and using stolen sensitive information to pressure the businesses into paying the ransom demands. Organizations and their workers are urged to tighten their cybersecurity, improve their online privacy, and be vigilant about email and social media messages.

The Federal Bureau of Investigation (FBI) issued this warning earlier this week, BleepingComputer reported.

According to the FBI’s warning, hackers are phoning plastic surgery offices and asking about active email addresses. They then reach out via email, trying to trick workers into downloading and running ransomware. After that, they use the access to steal sensitive information: personally identifiable data, but also sensitive medical records which, in some cases, include intimate photos.

Peer pressure

Then, they pair this information with other data on the victims available elsewhere on the internet. That can include information on social media (Facebook, Instagram, Twitter) and similar sources.

The final step is to reach out to plastic surgeons and patients, threatening to release the data online unless they pay an extortion demand. In some cases, the attackers send the information to close relatives or friends to exert even more pressure on the victim.

In a statement given to BleepingComputer, the American Board of Plastic Surgery said it was actively working with the FBI on this. “As the FBI is the prime investigator, the Board cannot comment on the extent of those affected at this time,” it said.

The FBI’s warning also comes with a few suggestions on how to stay safe. The law enforcement agency advised plastic surgeons to configure their social media profiles for maximum privacy and carefully review who they have in their friends/followers list. It also recommended using strong, regularly updated passwords, as well as monitoring bank accounts and credit reports.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.