Cybercriminals Targeting Plastic Surgery Offices for Extortion: FBI Warns
In a recent public service announcement, the FBI has uncovered a disturbing trend in which cybercriminals are targeting plastic surgery offices to harvest sensitive personally identifiable information (PII) and medical records. Once obtained, these attackers then demand a ransom from both doctors and patients in exchange for not sharing this private data, which often includes sensitive photographs.
The FBI outlined the three-stage approach that these cybercriminals are utilizing to carry out these scams. Firstly, they send phishing messages to plastic surgery offices in an attempt to deploy malware and harvest electronically protected health information (ePHI) and PII. Following this, they enhance the harvested data by using open-source information and social engineering techniques to increase its value as leverage for extortion. Finally, the attackers contact plastic surgeons and patients through various means, such as social media accounts, emails, and text messages, to make their demands for payment in cryptocurrency. In some cases, they may even threaten to share the sensitive data with family, friends, and colleagues if their demands are not met.
To protect against these attacks, the FBI has provided some key recommendations for plastic surgeons and their patients to follow:
1. Strengthen privacy settings on social media accounts, making them private and auditing friend lists to ensure they only consist of people you know. Enable two-factor authentication for added security.
2. Use unique and complex passwords for all online accounts, including email and social media.
3. Regularly monitor bank accounts and credit reports for any suspicious activity, and consider placing a fraud alert or security freeze on credit reports.
4. Report any fraudulent or suspicious activities to the FBI, providing details such as the name of the individual contacting you, the method of contact, and any crypto wallet addresses or bank account numbers provided by the extortionists.
By following these steps, plastic surgeons and their patients can reduce the risk of falling victim to these malicious attacks and protect their sensitive information from falling into the wrong hands. Stay vigilant and report any suspicious activities promptly to authorities to help combat cybercrime in the healthcare industry.