Transform Hospital Group Ltd., a UK provider of cosmic surgery and weight loss, was hit by ransomware, resulting in the theft of customer data including close-up images.
It is not clear when the attack took place. Transform, best known in the UK for breast augmentation surgery, described it as a purely data security breach. “None of our patients ‘payment card information has been compromised but at this stage, we understand that some of our patients’ personal data may have been obtained,” the company said in a statement. it was reported by the BBC today.
It is known who is behind the attack, however: The reputable ransomware group REvil is claiming responsibility. The group said on their dark webpage that they had found about 600 gigabytes of “the most important documents, customers’ personal data, as well as close-ups of those customers (not a very pleasing sight is this :)), ”and threatens to post the first batch of files next week. DataBreaches.net shows a screenshot posted by REvil as proof that the data was stolen by records and folders that would align with medical use with one named “Clinic_Images.”
One missing detail from the story is whether the company’s systems were affected and to what extent REvil wants as a jail payment without releasing the data. A typical REvil attack starts with a ransomware attack, which is first detected by systems going offline, and the group then wants to pay.
REvil is best known for its attack on foreign exchange provider Travellex in late December 2019. In that case, it was reported that Travellex paid $ 2.3 million in compensation for a decryption key to its network renewal. The gang, also known as Sodinokibi, was linked to an attack on data center provider Cyrus One Inc. and in May claimed responsibility for a ransomware attack on Grubman Shire Meiselas & Sacks, a high-profile entertainment law firm.
The attack on Grubman Shire Meiselas & Sacks is similar to the attack on the Hospital Group. Both are celebrities and were involved in the theft of large amounts of personal information.
If REvil has requested compensation in this case, there is no guarantee that if the compensation is not paid the stolen data will not be disclosed. “Like other pricing scenarios, it’s impossible to determine if the compensation will remove your problem,” said Jonathan Knudsen, senior security expert at electronic design automation company Synopsys Inc., to SiliconANGLE earlier this year. “Even if you can retrieve your own information, your attacker may have a copy of the information and be able to sell it to other interested parties. ”
Image: Hospital Group
Since you are here …
Show your support for our mission with the one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will recommend relevant content and emerging technology content to you. Thank you very much!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We would also like to tell you about our mission and how you can help us achieve it. SiliconANGLE Media Inc.’s business model. based on the intrinsic value of the content, not advertising. Unlike many online publications, we do not have a payroll or run banner advertising, as we want to keep our journalism open, without the impact or need to follow traffic.News, commentary and commentary on SiliconANGLE – along with live, unwritten video from our Silicon Valley studio and global video teams at theCUBE – take a lot of hard work, time and money. Maintaining the high quality requires sponsorship support that is in line with our vision of ad-free journalism content.
If you would like commentary, video interviews and other ad-free content here, please take a moment to view a sample of the video content with the support of our sponsors, tweet your support, and keep coming back to SiliconANGLE.