The photos were dumped after the hackers tried to extort the clinic and its patients, and tried to sell the data

Jun 2, 2017 14:05 GMT

Over 25,000 private pictures, together with other personal data belonging to patients of a Lithuanian cosmetic surgery clinic, have been stolen and dumped online by hackers.

The images were made public earlier this week by a hacking group that is known by many names, including "Tsar Team" and APT28, but it's most famous under the name Fancy Bear. According to The Guardian, the hackers got into the servers of the Grozio Chirurgija clinic sometime earlier this year. They apparently demanded ransoms from the clinic's clients before dumping the content online.

This isn't even the first time they've leaked private photos of the clinic's patients, including nude pictures. Part of the database was released in March, police say, and the rest was dumped on Tuesday. Dozens of clients have since come forward, accusing the hackers of blackmail.

According to their testimonies, the hackers demanded between €50 and €2,000 in Bitcoin, depending on the sensitivity of the stolen data. Nude photos, as expected, raised the price, as did passport scans and national insurance numbers since those can be used for identity theft.

Before going after individual patients, the hackers demanded 300 Bitcoin from the clinic itself, which refused to pay. The demand has since dropped to 50 Bitcoin, presumably because the Bitcoin price has continued to climb.

Ongoing investigation

Lithuanian authorities are working with security services across Europe, since the clinic's clients come from many countries.

"Clients, of course, are in shock. Once again, I would like to apologize. Cybercriminals are blackmailers. They are blackmailing our clients with inappropriate text messages," said Jonas Staikunas, director of Grozio Chirurgija.

This is the same group that has been linked to the hack of the Democratic National Committee ahead of the US elections, as well as the hack of Emmanuel Macron's team a month ago. It is believed the members are from Russia and closely tied to the government.

"As health-related information gets increasingly accumulated by companies not prepared to protect this critical data, we will see more of this kind of problem. Most doctor offices operate within a tight budget, under constant pressure to cut costs. Often, IT security is the first thing that is overlooked (or postponed or mismanaged), because its return-on-investment is not immediate. However, when attacks like this one happen, the patients are the ones paying the price of inaction," said Giovanni Vigna, CTO of security company Lastline.

Tim Erlin, AlienVault VP, added that all healthcare providers should take the time to review not only their tools and processes for defense but also their incident response plans. "The worst time to create an incident response plan is during an attack," he said.