Crooks after plastic surgeons and their patients, FBI warns


Cybercriminals first try to harvest personally identifiable information and sensitive medical records, including photographs. Later, they blackmail victims for cryptocurrency.

The scam starts with a phishing campaign. Once a victim organization swallows the cybercriminals’ hook, they infect its systems with malware that steals sensitive patient information, including their pictures.

The crooks then enhance the stolen information with whatever they manage to find publicly – for example, social media profiles. The enhanced data is then used for either extortion or other fraud schemes.

Plastic surgeons and their patients are contacted by the crooks via social media, email, and various messaging apps. They threaten to share the victims’ ePHI (electronically protected health information) if they don't pay.

“To exert pressure on victims for extortion payments, cybercriminals share the sensitive ePHI to victims' friends, family, or colleagues, and create public-facing websites with the data. Cybercriminals tell victims they will remove and stop sharing their ePHI only if an extortion payment is made,” the FBI warned.

How to protect yourself:

  • Make your social account private
  • Limit what can be posted on your profile by others
  • Audit your friends and accept requests only from people you know
  • Enable two-factor authentication
  • Use strong passwords to secure your email, social media, and other accounts
  • Monitor bank accounts for any suspicious activity

More from Cybernews:

Californian IT company leaks private mobile phone data

Former Navy IT manager sentenced for stealing 9,000 identities

Google Chrome mimicked to spread malware

Android users can now log into WhatsApp with passkeys

YouTube is cracking down on adblock users: pay or disable

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked