Data Breach at Hankins & Sohn's Plastic Surgery Office

The FBI is investigating a data breach in which cybercriminals stole patients' records from a Las Vegas plastic surgeon's office and posted the details online, including nude photos.

In February, cybercriminals gained access to Hankins & Sohn's network in Henderson and Las Vegas and downloaded patient information. The practice notified patients in March and April, acknowledging the breach and stating that it is working with law enforcement.

However, the cybercriminals, unsatisfied with their initial gains, proceeded to post the stolen information online, which included sensitive personal details and nude photos of patients before and after surgery. The criminals also sent this data to family and friends through patients' email accounts.

About a dozen women have filed a lawsuit against Hankins & Sohn, claiming inadequate protection of their private information. The victims allege that the plastic surgery firm failed to implement sufficient cybersecurity procedures to protect Personally Identifiable Information (PII) and Protected Health Information (PHI).

Actions to Take if You Suspect a Data Breach

  • Check the vendor's advice for specific information about the breach and follow any recommendations they provide.
  • Change your password to render stolen passwords useless. Choose a strong, unique password, or use a password manager.
  • Enable two-factor authentication, preferably using a FIDO2 2FA device for enhanced security.
  • Be cautious of anyone contacting you while posing as the vendor. Verify any communications through the vendor's official channels.
  • Take your time to validate communications, especially those pressing you to act immediately, to avoid falling victim to phishing attacks.

