Hackers Demand Ransom From Patients After Breaching Florida Clinic

Hackers are demanding patients of Florida provider Richard Davis, MD pay a ransom to prevent the release of their personal information following a breach of the clinic's server.

Current and former patients of Richard Davis, MD, who operates The Center for Facial Restoration, have received ransom demands from a cybercriminal who hacked the clinic's server.

Other providers have reported extortion attempts after a breach in the past year, including CarePartners and plastic surgeon Robert Spies, MD. However, this is one of the first reported incidents where the hackers targeted the patients, rather than just the provider.

According to a letter sent to patients, Davis received a letter from hackers who claimed they had breached the clinic’s servers and obtained the complete medical records of patients, which could be used to publicly exploit patients or be traded to third parties.

The hackers demanded a ransom payment from Davis, and by November 29, about 15 to 20 patients had reported to the clinic that they also received individual extortion attempts from the hackers “threatening the public release of their photos and personal information unless unspecified ransom demands are negotiated and met.”

On November 12, Davis filed an FBI complaint and met with agents in an effort to examine the scope of the cyberattack and source of the ransom demands. While the investigation continues, patients receiving ransom demands are being encouraged to file individual complaints with the FBI.

The hackers potentially stole the personally identifiable information of an estimated 3,500 former and current patients.

The provider explained that PII is stored in a scan of the patient’s intake demographic questionnaire, rather than an electronic demographic database, which has made obtaining contact information for impacted patients “painstakingly slow and labor intensive.”

What’s more, data access continues to be hindered by ongoing IT service disruptions, Davis explained. Patients are urged to share the notification with any known patients of The Center for Facial Restoration.

Davis has since installed new hard drives, firewalls, and detection software to reduce the potential of future cyberattacks, “but no system is foolproof, and even the US government with all its resources has been victimized repeatedly.”

“While upgrading my defenses clearly won’t help those individuals whose data has already been stolen, there is reason to suspect that the theft of patient photographs may be limited to only a very small number of individuals – mostly those patients who used email to send or receive their photographs – so the upgrades may prove useful,” Davis said.

“I deeply regret that individuals currently or formerly under my care have been victimized by this criminal act, and I urge you to monitor your financial information closely,” he added. “I am sickened by this unlawful and self-serving intrusion, and I am truly very sorry for your involvement in this senseless and malicious act.”

The hack mirrors past security incidents attributed to thedarkoverlord, a notorious anonymous hacking group that targeted a wide range of organizations, including the Athens Orthopedic Clinic in Georgia.

One known member of the group is currently standing trial in St. Louis for his role in the hacking efforts, including aggravated identity theft and conspiring to commit computer fraud offenses.
