By Michelle Drolet

The FBI recently sounded an alarm that plastic surgery clinics are being increasingly attacked by cybercriminals. It’s also worth noting that this is not the first time they’ve been targeted: multiple reports of such attacks have occurred in the last five years.

How Do These Attacks Work?

Cybercriminals target plastic surgeons using a dangerous type of infection called ransomware. To deploy ransomware into the victim’s environment, attackers typically infiltrate via successful phishing scams. Often posing as staff members from trusted organizations, threat actors convince victims to download and install the malware. Once ransomware is embedded in the network, it begins to lock and encrypt data and files, rendering them inaccessible. 

Next, the extortionist/hacker demands a ransom payment in exchange for a decryption key to restore access. They also threaten to release sensitive patient photos, medical records, and other personally identifiable information (PII) if the ransom is not paid within a specified deadline. Attackers might go as far as creating public-facing websites to intensify the pressure. They post the stolen ePHI (electronic protected health information) on these websites and say they’ll stop sharing it when they get paid.

Why Are Cybercriminals Going After Plastic Surgery Clinics?

In terms of data theft and ransomware attacks, healthcare delivery organizations (HDOs) are one of the most affected industries globally. According to Ponemon Research, 88% of healthcare organizations suffered a cyberattack last year. Contrary to popular belief, clinics of all specialties suffer more ransomware attacks than hospitals. 

Cybercriminals target plastic surgery clinics for reasons similar to those in the broader healthcare industry.

Here are some:

  1. High-value patient data: It’s well-known that affluent clients frequent plastic surgery clinics. A single standard medical record can sell for about $60 on the “dark web” underground market. Now, consider the value of before-and-after photos of celebrities or politicians.
  2. A Higher Propensity to Pay: Cybercriminals often target organizations based on their ability to pay the ransom. Aesthetic surgery usually involves expensive procedures, and clinics are known to have deep pockets. What’s more, clinics store sensitive information like photographs, insurance records, and medical history. Hackers can easily leverage the sensitivity of this information and arm-twist organizations into meeting their payment demands.
  3. Ideal for Blackmail and Extortion: Plastic surgeons rely heavily on their reputation to attract new clients. Due to the personal nature of these procedures, most patients expect a high level of trust and confidentiality. Cybercriminals can exploit personal information to blackmail patients, causing them great emotional distress and financial loss.

How to Mitigate Cyber Threats

A successful attack can damage a business beyond repair. Plastic surgeons and healthcare delivery organizations (HDOs) should begin by taking these steps to lower the risk of breaches and ransomware attacks:

  1. Prepare an Incident Response Plan: When disaster strikes, it’s difficult to think clearly. For effective crisis management, it’s advisable to develop a comprehensive incident response plan and rehearse it regularly; doing so can help immensely in ransomware mitigation and recovery.
  2. Secure IT Infrastructure and Data: Deploy advanced email and endpoint security to prevent malicious attachments and malware from reaching staff members. Use data leakage prevention tools to discover, monitor, and control protected health information and reduce the risk of data leakage and theft.
  3. Invest in User Awareness Training: Most attacks start with staff members clicking on a malicious link or responding to a phishing email. Conduct security training and phishing simulations to enhance staff security skills, awareness, and accountability.
  4. Backup Data: Regularly back up all patient data and critical files. Ensure these backups are stored securely. If possible, keep these backups offline to prevent ransomware from infecting them.
  5. Implement Strong Authentication: Ensure that only authorized personnel have access to patient records. It’s highly recommended that clinics deploy multifactor authentication to add an additional layer of security.
  6. Keep Software and Systems Updated: Update software and medical systems on a scheduled basis to ensure they are free from known vulnerabilities. The FBI identified numerous vulnerabilities stemming from medical devices that were running outdated software; these provide attackers a platform to launch ransomware attacks.
  7. Partner with Cybersecurity Experts: Like surgery and medicine, cybersecurity too is a complex topic that requires specialized guidance and diagnosis. It’s advisable to partner with a trusted organization that has experience with compliance efforts, cyber insurance protocols, ransomware negotiation, prevention, mitigation, response, and recovery. It’s best to preempt a crisis by firmly establishing security policies and procedures early.
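The backup step above is only useful if the backup copy is still intact when you need it; ransomware that reaches a backup share encrypts or deletes files there too. The following script is an added example, not code from the article or from Towerwall, showing one way a clinic’s IT staff could check a backup copy: record a SHA-256 manifest when the backup is taken, store that manifest separately, and later verify that every file is still present, unchanged, and not replaced by encrypted-looking data. All file names and contents are constructed for the demonstration; the entropy threshold of 7.5 bits per byte is an assumed heuristic value.

```python
"""Backup integrity check: manifest at backup time, verification later.

Flags files that are missing, modified, replaced by high-entropy (encrypted-
looking) content, or newly added (for example a dropped ransom note).
"""
import hashlib
import json
import math
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, List, Tuple

ENTROPY_THRESHOLD = 7.5  # assumed heuristic: random/encrypted bytes approach 8.0


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backup files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; plain text is low, encrypted data near 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(backup_dir: Path) -> Dict[str, str]:
    """Map each file's backup-relative path to its SHA-256 digest."""
    return {
        p.relative_to(backup_dir).as_posix(): sha256_file(p)
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file()
    }


def verify_backup(backup_dir: Path, manifest: Dict[str, str],
                  entropy_threshold: float = ENTROPY_THRESHOLD) -> List[Tuple[str, str]]:
    """Compare the backup directory against a manifest saved earlier."""
    findings: List[Tuple[str, str]] = []
    for rel, expected in manifest.items():
        p = backup_dir / rel
        if not p.exists():
            findings.append((rel, "missing"))
            continue
        if sha256_file(p) != expected:
            reason = "modified"
            # Only sample the first 1 MiB; enough to judge the byte distribution.
            if shannon_entropy(p.read_bytes()[:1_000_000]) > entropy_threshold:
                reason = "modified (high entropy, possibly encrypted)"
            findings.append((rel, reason))
    # Files that were not in the manifest (e.g. a ransom note) are also reported.
    present = sorted(p.relative_to(backup_dir).as_posix()
                     for p in backup_dir.rglob("*") if p.is_file())
    findings.extend((rel, "unexpected file") for rel in present if rel not in manifest)
    return findings


def demo() -> List[Tuple[str, str]]:
    """Constructed scenario: take a backup, save its manifest, then simulate
    ransomware tampering with the backup copy and verify it."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        (backup / "records").mkdir(parents=True)
        # Constructed sample files; not real patient data.
        (backup / "records" / "patient-0001.txt").write_text("name: A. Sample\nprocedure: consultation\n")
        (backup / "records" / "patient-0002.txt").write_text("name: B. Sample\nprocedure: follow-up\n")
        (backup / "photos.idx").write_text("photo index placeholder\n")

        # In practice the manifest is written somewhere the backup host cannot
        # overwrite (offline media or a separate, write-once location).
        saved_manifest = json.dumps(build_manifest(backup))

        # Simulated ransomware on the backup copy: one record overwritten with
        # uniformly distributed bytes (entropy 8.0), one deleted, one note dropped.
        (backup / "records" / "patient-0001.txt").write_bytes(bytes(range(256)) * 16)
        (backup / "records" / "patient-0002.txt").unlink()
        (backup / "README_RESTORE.txt").write_text("constructed ransom note placeholder\n")

        return verify_backup(backup, json.loads(saved_manifest))


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:45s} {rel}")
```

Two design points matter more than the code. First, the manifest must live somewhere the backup host cannot write to, otherwise the same malware that encrypts the backup can rewrite the manifest to match. Second, a hash mismatch is not proof of ransomware; legitimately updated records also change hashes, and compressed media such as JPEG photos are already high-entropy, so the entropy flag is a prompt to look, not a verdict. Running the verification on a schedule, and actually restoring a sample of files, is what turns a backup into a tested recovery path.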

Ensuring cybersecurity is an ongoing process, demanding regular reviews, updates, and training to adapt to evolving threats. By following these guidelines, surgery clinics can reduce ransomware risks while also safeguarding patient data, confidentiality, and the hard-earned reputation they’ve built and maintained.
Michelle Drolet is CEO of Towerwall, a specialized cybersecurity firm offering compliance and professional onsite services.