The Daily Swig Web security digest

Patient data stolen from London plastic surgery

James Walker | 25 October 2017 at 12:00

Clinic ‘horrified’ by breach – but probably not as much as its patients.

A plastic surgery based in central London has become the latest in a long line of medical breaches, after the company yesterday confirmed that patient data has been stolen.

Issuing a statement yesterday, London Bridge Plastic Surgery (LBPS) said it was “horrified” and “deeply saddened” to learn that hackers had targeted the clinic in a cyberattack.

“Regrettably, following investigations by our IT experts and the police, we believe that our security was breached and that data has been stolen,” the surgery said in a statement to its patients.

Based in the Harley Street medical enclave of London, LBPS is known for serving high-profile clients with ‘five-star’ body modification services.

While the surgery said it was still working to establish the scope of the data breach, the hacking group known as The Dark Overlord reportedly contacted The Daily Beast, claiming: “We have TBs [terabytes] of this shit. Databases, names, everything.”

“There are some royal families in there,” the group claimed.

The surgery said it had informed the Metropolitan Police, who have launched an investigation into the “highly sophisticated” attack.

“Security and patient confidentiality has always been of the utmost importance to us,” LBPS said. “We invest in market-leading technology to keep our data secure and our systems are updated daily. We are deeply saddened that our security has been breached.”

The Dark Overlord hacking group first emerged in 2016, when they plagued numerous medical centers across the US with ransom demands, before moving onto commercial businesses, such as Netflix, and most recently schools.