Categories: SecurityWorkspace

Hackers Steal Up To 480,000 Patient Records From UK Plastic Surgery Clinic

Harley Medical Group, a UK-based plastic surgery clinic, has written to customers warning them hackers broke into company servers and accessed their data, in a breach that could affect as many as 480,000 people.

The attackers then tried to blackmail Harley into handing over money to recover the data, according to the letter sent to customers.

Names, dates of birth, email addresses and physical addresses were compromised, but no financial or clinical information was accessed, the plastic surgery said.

Plastic surgery clinic calls police over breach

Harley, which has 21 clinics across the UK, took down the website so it could issue fixes that would prevent any issues. Police and the Information Commissioner’s Office (ICO) have been informed of the breach.

“We acted immediately when we became aware that an individual had deliberately bypassed our website security, gaining access to contact information from initial inquiries, in an attempt to extort money from the company,” Harley’s chairman Peter Boddy said in the letter.

“I am sorry that the contact information that you provided in your initial enquiry via our website has been accessed in this way.”

Graham Cluley, writing for the Hot for Security blog, was concerned about the potential for further extortion from patients.

“Such information could be used not just to embarrass an individual, but also – potentially – to extort money from them. Furthermore, the private information could be sold to tabloid newspapers or entertainment websites which are scrabbling for some showbiz tittle tattle to fill their pages,” Cluley said.

Love IT security? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago