Crooks after plastic surgeons and their patients, FBI warns


Cybercriminals first try to harvest personally identifiable information and sensitive medical records, including photographs. Later, they blackmail victims for cryptocurrency.

The scam starts with a phishing campaign. Once a victim organization swallows the cybercriminals’ hook, the attackers infect its systems with malware that steals sensitive patient information, including patients’ pictures.

The crooks then enhance the stolen information with whatever they manage to find publicly – for example, social media profiles. The enhanced data is then used for either extortion or other fraud schemes.

The crooks contact plastic surgeons and their patients via social media, email, and various messaging apps. They threaten to share the victims’ ePHI (electronic protected health information) if they don't pay.

“To exert pressure on victims for extortion payments, cybercriminals share the sensitive ePHI to victims' friends, family, or colleagues, and create public-facing websites with the data. Cybercriminals tell victims they will remove and stop sharing their ePHI only if an extortion payment is made,” the FBI warned.

How to protect yourself:

  • Make your social account private
  • Limit what can be posted on your profile by others
  • Audit your friends and accept requests only from people you know
  • Enable two-factor authentication
  • Use strong passwords to secure your email, social media, and other accounts
  • Monitor bank accounts for any suspicious activity