It is making sense that hackers target plastic surgeons. Not because they have health information records, credit card numbers, social security numbers, etc., but because they have not figured out that when hackers target plastic surgeons, they have a DUAL source of revenue.

Why Hackers Target Plastic Surgeons

  1. Security is most likely not where it should be.
  2. Images are VERY valuable.
  3. Drug seekers. People in pain that have had surgery, may be able to get narcotics so the record is extremely valuable.

Dual Revenue

What the hackers have figured out, is if they encrypt the records of a plastic surgeon, and they refuse to pay, they can call the PATIENT and have them pay in order to keep their private photos from spreading throughout the internet. Scary stuff. The latest plastic surgeon office to be hacked was on Rodeo drive. I’m going to take a guess that there may be a celebrity or two involved. In this case, the data thief was someone in their own office, however she was submitting photos and data via SMS so she was not working alone. I do not know if any of the patients have been contacted.

Things to do

  1. Make sure you have a good backup stored somewhere the hackers cannot reach.
  2. Plan for the worst. Always have a disaster recovery plan and business continuity plan in place, and test it. Both of these are HIPAA requirements so you should put a heavy focus on this.
  3. Have a good solid security plan in place.
  4. Educate your staff on proper computer/internet usage. Screen your staff. Do background checks and reference checks.
  5. Have a good IT staff in place, whether it be a managed service provider like Tier3MD, or an inhouse staff.

Hackers target plastic surgeons because healthcare records are becoming more and more popular. They have now figured out what they can get out of a healthcare record, AND how they can possibly get money from the patient. Unfortunately, this is the world we live it. Stay safe.