Cybercriminals hack plastic surgery clinic; threaten to reveal thousands of celebrities’ photos before their surgeries

The Russian hacking group identified as REvil claims to have extracted more than 900GB of information from a celebrity plastic surgery clinic. Threat actors appear to threaten to leak photos of thousands of celebrities before and after their plastic surgeries if their demands are not met. REvil is a hacker group specializing in ransomware attacks against public and private organizations around the world.

The organization affected is “The Hospital Group”, whose clinics have received popular actresses and actors such as Kerry Katona, Tina Malone and Joey Essex. The company has already confirmed that its databases were compromised after a security incident, as well as noting that the Information Commissioner’s Office (ICO) has already been notified of this attack.

American media revealed that the organization’s 11 clinics (specializing in breast implants, nose surgery, and weight loss interventions) were compromised, so all of their clients will be notified over the next few days: “We can confirm that our computer systems were exposed to a security breach; patient payment card details have not been compromised, although the incident involves the exposure of personal data,” the notification states.

On the threat of malicious hackers, The Hospital Group acknowledges that thousands of photos could have been stolen, although obviously not all of them belong to celebrities. Through social media, some former patients at these clinics mentioned not yet receiving the safety alert.

Simon Hails, who recently underwent surgery at one of the affected clinics, mentions that the company sent him an email mentioning the security incident although they did not explicitly mention that his personal data had been affected, so he remains concerned about the possibility of malicious hackers using his confidential information or selling it on dark web forums.

So far it is unknown whether threat actors are demanding ransom payment in exchange for not disclosing these images.