Plastic surgery offices have become a target for cybercriminals looking to harvest sensitive personally identifiable information (PII) and medical records in order to extort doctors and patients, according to a recent announcement from the FBI.
The FBI’s public service announcement, released on October 17, 2023, warns that attackers are using a three-stage approach to carry out these scams. In the first phase, cybercriminals send phishing messages to plastic surgery offices to deploy malware and gather electronic protected health information (ePHI) and PII. In the second phase, they enhance this data using open-source information and social engineering techniques so that it can serve as leverage for extortion. Finally, in the third phase, the attackers contact plastic surgeons and their patients through various channels, such as social media, emails, and messaging apps, to demand a ransom in cryptocurrency in exchange for not sharing the sensitive data.
To protect against these attacks, the FBI recommends several measures for plastic surgeons and their patients. These include strengthening privacy settings on social media accounts, using unique and complex passwords for online accounts, monitoring bank accounts and credit reports for suspicious activity, and reporting any fraudulent or suspicious activities to the FBI.
By following these guidelines, plastic surgeons and their patients can reduce the risk of falling victim to these extortion attempts and safeguard their sensitive information from cybercriminals. It is important to stay vigilant and take proactive steps to protect against these evolving threats in the digital age.