FBI warns hackers are targeting plastic surgery offices, stealing nude photos
HOUSTON - Imagine having plastic surgery to later learn your nude photos or medical information has been posted online or sent to people you know.
The FBI just issued a warning that cyber hackers are targeting plastic surgery centers and their patients to extort money.
Cyber security expert Chris Nottingham with Check Point says it's a scary reality.
"The attackers are using those images and basically threatening the release of them to the patient's social network, friends, relatives," explained Nottingham.
SULLIVAN'S SMART SENSE: Medicare enrollment: Choosing a plan to meet your needs
The HIPPA Journal reports hackers attacked the office of Beverly Hills plastic surgeon Dr. Gary Motykie earlier this year and posted patient photos on the web, demanding ransom payments to take them down.
After a few more reported attacks on other plastic surgery centers this year, the FBI issued an alert that hackers are targeting plastic surgery offices and their often affluent patients.
"Typically the types of services that are being provided aren't things that are covered by insurance. Patients typically have more disposable income than your average person," said Nottingham.
The American Society of Plastic Surgeons sent out a warning to its members that hackers send phishing emails to surgery centers posing as ASPS staff members, then deploy malware to harvest patient records.
The FBI says the hackers then cross reference them to patients' social media pages to learn more personal details, then threaten to expose the images or medical information to their friends, family, or coworkers.
"A lot of times, when they're getting plastic surgery, it's not something that they want to broadcast to the world," said Nottingham.
He says plastic surgery centers need to ensure they have security systems in place and train employees not to fall for phishing schemes.
Nottingham says patients should ask healthcare providers how they will protect their information, and limit what they post about themselves online.
"Make sure that you've got your privacy settings set in such a way that what you are sharing is only going to the groups and individuals that you would like it to be shared with," said Nottingham.
The FBI also recommends using unique passwords or a password manager and two-factor authentication to protect your digital accounts.
If you are a victim of a cyber attack, report it to the FBI at IC3.gov.