InfoSec News & Investigations

Hackers Blackmail Patients of Surgical Company in a Cyber attack

The patients of a facial surgical company in Florida, who were hacked recently, are now being threatened by hackers. The hackers demand that the patients pay them money, or else they would leak their personal information online.

TCFRR (The Center for Facial Restoration), a facial surgery company based in Miramar, was attacked by cyber-criminals in November last year.

In an online statement published on the company’s official website, plastic surgeon and company founder Dr. Richard Davis said: ” On 8 November 2019, I got an anonymous e-mail from hackers claiming to breach my company’s server. The cyber-criminals revealed that they had personal data of TCFRR’s patients and threatened to either expose the data online or sell it to 3rd parties.” 

Dr. Davis was then blackmailed and the hackers demanded a ransom (not disclosed) in return for not compromising his company’s cybersecurity.

As if this was not enough, the hackers after blackmailing Dr. Davis, contacted TCFRR’s patients individually, in-demand for extorting money from the rhinoplasty company’s patients.

“The hackers were demanding a ransom negotiation, and after 29 November 2019, around 20 patients have reached our company having criticisms of individual ransom demands, accusing that these hackers are threatening to release their personal information (including personal photos) online unless their ransom demands are met,” says Dr. Davis in a statement. 


He suspects that around 3500 patients (current and former) might have been the victim of this cyber attack. The hacked data might include passport, driving license, residential address, emails, contact information, banking credentials, and patients’ photographs. 

Following the incident, the FBI’s cybersecurity department was contacted on 12 November, and David frequented the FBI on 14 November to discuss the ransom demands and the cyber attack information.

To be further safe from any similar incident happening again, Dr. David has taken up some precautions that include installing new hard disks, and a new firewall and malware protection antivirus.

“I am disgusted by this criminal and selfish invasion, and I sincerely apologize to the patients for their crisis in this stupid and spiteful action,” said Davis on his website.


The statement was published openly, the reason being that the company’s server didn’t have the option of contacting the patients personally.
Original Source