Relatively speaking, Lithuania amassed their fair share of data breaches within the past five years. In many cases, the hacks occurred both inside and outside the medical sector—the medical breaches, though carried less of a foreign impact than the others. However, a Lithuanian plastic surgery clinic recently landed in the spotlight for a data breach that showcased patient pictures on the darknet.
International media saw Lithuania on the news for a medical data breach not long ago. The “Tsar Team” aka “Fancy Bear“ hacked the World Anti-Doping Agency (WADA). Confidential medical data of 25 famous athletes made their rounds in the internet. Serena Williams lost her confidential information in that breach and was among the most famous of the victims. The database hack of Lithuanian web host “000webhost” likely rang more alarm bells, however. Hackers dumped 13 million passwords and HaveIbeenpwned activity spiked.
In this case, though, hackers targeted UAB Beauty Surgery (Grozio Chirurgija). The threat actors claimed, in an email to several Lithuanian news outlets, that they stole 24,000–25,000 individual medical records. Compared to many medical breaches seen in the United States, this caused, so far, less of a concern about the confidential information itself. The pictures, though, raised an alarm.
The group of six cybercriminals wrote emails to the media that outlined the situation:
“Hello, we have collected information about 25,000 people who benefited from the Beauty specialists, [some] but not all are Lithuanian celebrities. Also we have plastic surgery photos taken of changes (vagina, breast, penis, etc.). The preferred form of settlement – Bitcoin. Currently, we are analyzing the collected information. [Once complete], the list will be longer. We are a group of six people, and for this information we would like 100 thousand euros.”
When the news first broke, one of the clinic’s owners wrote, in an email response regarding the news. He saw some of the leaked data and when asked a question about the validity if it, he responded that the names were real. The photos, he said, were false. He explained that he saw for himself that the hackers simply took photographs from the internet and claimed they came from the clinic. In a later email, he told a source that the photographs—the before and after pictures—never left physical storage. The clinic only uploaded the paperwork; pictures stayed with the staff, co-owner Jonas Staikūnas said.
One news agency published the co-owner’s comments and received an email from an anonymous email address that disputed Staikūnas’s words. They vowed to send proof. They did so in the form of several photographs of well known public figures. They spoke with one of the individuals in the photographs, a musician who went through a breast augmentation operation. She admitted that the pictures came from her procedure at the clinic in question. (She explained that the surgery was not a secret. Even single glance at her pictures revealed that she made no attempt to conceal the work.)
The alleged six-count person group emailed again and alerted the news outlet of the next step: uploading the pictures to a darknet auction site they created. The group uploaded, as of the writing of this article, 62 sample listings that contained the patient’s entire file for free. Pictures, medical history, phone numbers, email addresses, etc. Everything is either highly sensitive or explicit, if not both.
The auction is an interesting choice. In addition to auctioning off each patient, they continue to blackmail the plastic surgery clinic. Furthermore, the price for patient data keeps rising. At the writing of this article, the buyout price is 300BTC. The company has not concretely said anything about their next step. However, at this point, along with statements that call the hackers thugs, not hackers, the chances of a buyout happening look slim.
TheBitcoinNews.com – Bitcoin News source since June 2011 –
Virtual currency is not legal tender, is not backed by the government, and accounts and value balances are not subject to consumer protections. TheBitcoinNews.com holds several Cryptocurrencies, and this information does NOT constitute investment advice or an offer to invest.
Everything on this website can be seen as Advertisment and most comes from Press Releases, TheBitcoinNews.com is is not responsible for any of the content of or from external sites and feeds. Sponsored posts are always flagged as this, guest posts, guest articles and PRs are most time but NOT always flagged as this. Expert opinions and Price predictions are not supported by us and comes up from 3th part websites.
Advertise with us : Advertise
Our Social Networks: Facebook Instagram Pinterest Reddit Telegram Twitter Youtube
