FBI Warning: Cybercriminals are Targeting Plastic Surgery Offices and Patients for Extortion
FBI WARNING Alert Number: I-101723-PSA – October 17, 2023
SCARS Introduction to FBI Warning:
The FBI Warning is about Cybercriminals are increasingly targeting plastic surgery clinics in order to hack into their databases and access patient files. The goal of these attacks is often to extort money from the clinics or their patients.
Cybercriminals use a variety of methods to hack into plastic surgery clinics, including phishing attacks, ransomware attacks, and software vulnerabilities. Once they have gained access to a clinic’s database, they can steal patient files that contain sensitive information such as names, addresses, phone numbers, email addresses, medical records, and before-and-after photos.
The FBI warns that Cybercriminals then use this information to extort money from the clinic or its patients. They may threaten to release the sensitive information to the public, sell it to third parties, or use it to commit identity theft.
In some cases, cybercriminals may also target individual patients directly. They may contact patients via email or social media and threaten to release their sensitive information if they do not pay a ransom.
Plastic surgery clinics are particularly vulnerable to cyberattacks because they often store a large amount of sensitive patient data. Additionally, many plastic surgery clinics are small businesses that may not have the resources to invest in robust cybersecurity measures.
FBI Warning About Plastic Surgery Extortion
The FBI is warning the public about cybercriminals who target plastic surgery offices, surgeons, and patients to harvest personally identifiable information and sensitive medical records, including sensitive photographs in some instances. Once successful, cybercriminals use social engineering techniques to enhance the harvested data and extort individuals for cryptocurrency.
FBI Warning about this Scan
- Phase 1 – Data Harvesting
Using technology to disguise their phone numbers and email addresses (“spoof”), cybercriminals use phishing to deploy malware to plastic surgery offices. Once successful, cybercriminals harvest electronically protected health information (ePHI), which includes sensitive information and photographs.
- Phase 2 – Data Enhancement
Cybercriminals use open-source information, including social media, and social engineering techniques to enhance the harvested ePHI data of plastic surgery patients. Cybercriminals use the enhanced data as leverage for extortion in Phase 3 and may use it for other fraud schemes.
- Phase 3 – Extortion
Cybercriminals contact plastic surgeons and their patients via social media accounts, emails, text messages, or messaging apps, and ask for payment to prevent sharing of their ePHI. To exert pressure on victims for extortion payments, cybercriminals share the sensitive ePHI to victims’ friends, family, or colleagues, and create public-facing websites with the data. Cybercriminals tell victims they will remove and stop sharing their ePHI only if an extortion payment is made.
Tips To Protect Yourself
- Review profile settings in your social media accounts to strengthen privacy. Preferably, make your account private and limit what can be posted by others on your profile. Audit friend lists to ensure they consist of and are visible to people you know. Only accept friend requests and follow from people you know. Enable two-factor authentication to log in.
- Secure accounts (e-mail, social media, financial, bill pay) by creating unique and complex passwords for login; consider using a password manager to help you remember them.
- Monitor bank accounts and credit reports for any suspicious activity; consider placing a fraud alert or security freeze on your credit reports to prevent unauthorized access.
Report It
The FBI requests victims report these fraudulent or suspicious activities to the FBI IC3 at www.ic3.gov. Be sure to include as much information as possible.
- The name of the person who contacted you.
- Method of communication used, to include websites, emails, and telephone numbers.
- The wallet address(es) or bank account number(s) for extortion payments and recipient name(s), if provided.
If the crime involves cryptocurrency it should also be reported to the U.S. Secret Service – visit reporting.AgainstScams.org to learn more.
More:
- Cybercriminals are Targeting Plastic Surgery Offices and Patients (ic3.gov)
- Cybersecurity Failure Is Inevitable – Plan For It (scamsnow.com)
- Law Enforcement: What is the Difference Between the FBI, Europol, Interpol, and the NCA? (romancescamsnow.com)
- The FBI Is International (romancescamsnow.com)
- Qakbot Botnet Infrastructure Shattered After An International Operation Led By FBI/Europol Takes It Down (scamsnow.com)
- Cryptocurrency Recovery Alert from the FBI (scamsnow.com)
- Scams and Cryptocurrency Go Hand in Hand (scamsnow.com)
- Government Impersonation Scams Are On The Rise! (scamsnow.com)
SCARS Resources:
- Getting Started Right: ScamVictimsSupport.org
- Sextortion Scam Victims: Sextortion Victims Support – The Essentials (scamvictimssupport.org)
- For New Victims of Relationship Scams newvictim.AgainstScams.org
- Subscribe to SCARS Newsletter newsletter.againstscams.org
- Sign up for SCARS professional support & recovery groups, visit support.AgainstScams.org
- Join our Scam Survivors United Chat & Discussion Group facebook.com/groups/scam.survivors.united
- Find competent trauma counselors or therapists, visit counseling.AgainstScams.org
- Become a SCARS Member and get free counseling benefits, visit membership.AgainstScams.org
- Report each and every crime, learn how to at reporting.AgainstScams.org
- Learn more about Scams & Scammers at RomanceScamsNOW.com and ScamsNOW.com
- Scammer photos ScammerPhotos.com
- SCARS Videos youtube.AgainstScams.org
- Self-Help Books for Scam Victims are at shop.AgainstScams.org
- Worldwide Crisis Hotlines: https://blog.opencounseling.com/suicide-hotlines/
Other Cyber Resources
- Block Scam Domains: Quad9.net
- Global Cyber Alliance ACT Cybersecurity Tool Website: Actionable Cybersecurity Tools (ACT) (globalcyberalliance.org) https://act.globalcyberalliance.org/index.php/Actionable_Cybersecurity_Tools_(ACT)_-_Simplified_Cybersecurity_Protection
- Wizer Cybersecurity Training – Free Security Awareness Training, Phishing Simulation and Gamification (wizer-training.com)
-/ 30 /-
What do you think about this?
Please share your thoughts in a comment below!
Do You Need Support?
Get It Now!
SCARS provides the leading Support & Recovery program for relationship scam victims – completely FREE!
Our managed peer support groups allow victims to talk to other survivors and recover in the most experienced environment possible, for as long as they need. Recovery takes as long as it takes – we put no limits on our support!
SCARS is the most trusted support & education provider in the world. Our team is certified in trauma-informed care, grief counseling, and so much more!
To apply to join our groups visit support.AgainstScams.org
We also offer separate support groups for family & friends too.
Become a
SCARS STAR™ Member
SCARS offers memberships in our STAR program, which includes many benefits for a very low annual membership fee!
SCARS STAR Membership benefits include:
- FREE Counseling or Therapy Benefit from our partner BetterHelp.com
- Exclusive members-only content & publications
- Discounts on SCARS Self-Help Books Save
- And more!
To learn more about the SCARS STAR Membership visit membership.AgainstScams.org
To become a SCARS STAR Member right now visit join.AgainstScams.org
To Learn More Also Look At Our Article Catalogs
Scam & Crime Types
More SCARS
- ScamsNOW Magazine – ScamsNOW.com
- ContraEstafas.org
- ScammerPhotos.com
- AnyScam.com – reporting
- AgainstScams.org – SCARS Corporate Website
- SCARS YouTube Video Channel
Leave A Comment