Harley Medical Group, a UK-based plastic surgery clinic, has written to customers warning them that hackers broke into company servers and accessed their data, in a breach that could affect as many as 480,000 people.
The attackers then tried to blackmail Harley into handing over money to recover the data, according to the letter sent to customers.
Harley, which has 21 clinics across the UK, took its website offline so it could apply fixes intended to prevent any issues. Police and the Information Commissioner’s Office (ICO) have been informed of the breach.
“We acted immediately when we became aware that an individual had deliberately bypassed our website security, gaining access to contact information from initial inquiries, in an attempt to extort money from the company,” Harley’s chairman Peter Boddy said in the letter.
“I am sorry that the contact information that you provided in your initial enquiry via our website has been accessed in this way.”
Graham Cluley, writing for the Hot for Security blog, was concerned about the potential for further extortion, this time aimed at patients.
“Such information could be used not just to embarrass an individual, but also – potentially – to extort money from them. Furthermore, the private information could be sold to tabloid newspapers or entertainment websites which are scrabbling for some showbiz tittle tattle to fill their pages,” Cluley said.