- Thesnake02 hacker group exposes sensitive data from Brazilian Plastic Surgery Clinic.
- Breach occurred in July 2023, leaking 1.25 GB of private patient data, including surgery-related images and financial documents.
- Trend of healthcare cyberattacks continues; Roberto Polizzi Plastic Surgery Clinic joins the list of victims.
- Detailed analysis reveals trove of confidential patient info, nude images, and PII, but no passwords or credit/debit card data.
- While primarily in Portuguese, leaked nude images pose significant risks; potential for exploitation by cybercriminals.
- Previous cybercrime groups like REvil, The Dark Overlord, and Tsar Team targeted plastic surgery clinics, extorting ransom payments and leaking data.
- Breach underscores urgent need for improved healthcare cybersecurity to protect patient confidentiality and data.
A group of hackers operating under the alias Thesnake02 have leaked a trove of sensitive data belonging to the Roberto Polizzi Plastic Surgery Clinic based in Belo Horizonte, Brazil.
The breach, which occurred on July 26th, 2023, has resulted in the leak of approximately 1.25 GB of highly sensitive and private data, including surgery-related images, financial documents, and personal information of patients.
The clinic, managed by Dr. Roberto Polizzi, has become the latest victim of a growing trend of cyberattacks targeting healthcare and medical institutions. The leaked data, initially made public on the latest version of Breach Forums, has been closely examined by Hackread.com.
Detailed analysis of the compromised data reveals a vast trove of confidential patient information, including nude images related to surgical procedures, WhatsApp messages, audio notes, receipts, CVs, invoices, internal clinic documents, and contact details.
The breach also exposed a wealth of personally identifiable information (PII), such as driver’s licenses, CPF IDs (Brazil’s equivalent of social security numbers), Covid certificates, and more. Importantly, no credit card or debit card information was among the leaked data.
While the leaked records are primarily in Portuguese, we warn that the exposure of surgery-related nude images carries substantial potential risks. Cybercriminals could exploit this sensitive content in various harmful ways, including extortion and blackmail.
In the past, several notorious cybercrime syndicates, including REvil hackers (also known as the Sodinokibi group), The Dark Overlord, and Tsar Team, were involved in cyberattacks targeting plastic surgery clinics. These groups would extort ransom payments from their victims and, when these demands went unmet, proceeded to expose sensitive data online.
In December 2020, The Hospital Group, situated in Manchester, England, fell victim to REvil’s cyber attack. The plastic surgery clinic London Bridge Plastic Surgery (LBPS) was targeted by The Dark Overlord in October 2017, while Tsar Team successfully hacked and subsequently leaked data from Grozio Chirurgija, a cosmetic surgery clinic located in Kaunas, Lithuania back in May 2017.
As for the Roberto Polizzi Plastic Surgery Clinic, given the language barrier, the immediate impact of this breach might be somewhat limited. However, the incident underscores the critical need for enhanced cybersecurity measures within the healthcare sector, where patient confidentiality and data protection are of paramount importance.
RELATED ARTICLES
- Hacked Finnish psychotherapy clinic files for bankruptcy
- Dental clinic alerted to ransomware attack via hacker phone call
- Plastic surgery tech firm leaks images of 100,000s of customers
- Breast Cancer Charity Exposed Sensitive Images of U.S. Patients
- Medical software firm leaked personal data of 3.1 million patients