A group of hackers has leaked personal data and photos that belong to patients of a cosmetic surgery clinic based in Lithuania.
On 30 May, the bad actors published online some 25,000 private photos, including nude images, from patients of the Grozio Chirurgija clinic. They also included personal information in their dump. Those details ranged from names and addresses to passport scans and national insurance numbers.
Little is known about those responsible for the leaks other than the fact that they call themselves “Tzar Team.” Those in the security industry have heard that moniker before. It’s another name for APT28 and FANCY BEAR, the same group of Russia-affiliated hackers who accessed the medical data of U.S. athletes participating in the Rio 2016 Olympics and stole opposition research on then-Republican presidential nominee Donald Trump from the Democratic National Committee’s computer network.
The attackers might not actually be FANCY BEAR, however. They could have adopted the name in the hopes that Grozio Chirurgija would recognize it and be more amenable to their demands. That might explain why the actors, after accessing the clinic’s database, which contains information and photos of more than 1,500 British patients, initially put the stolen data up for sale at a value of 300 Bitcoins (approximately 675,000 USD). At the same time, they demanded ransom payments ranging in value between 50 euros and 2,000 euros from each patient.
Apparently, Tzar Team didn’t generate as much interest as they were hoping. The group has since reduced the price of the database to 50 Bitcoins. It’s also conducting periodic leaks of the database, no doubt in a bid to attract a willing customer.
Jonas Staikunas, the director of Grozio Chirurgija, is not impressed. As quoted by The Guardian:
“Clients, of course, are in shock. Once again, I would like to apologise. Cybercriminals are blackmailers. They are blackmailing our clients with inappropriate text messages.”
Lithuanian law enforcement is currently working with the security services of other European countries to find those responsible for the hack and leaks. While their investigation continues, it goes without saying that users should not go looking for, view, or save the clinic’s leaked information. Doing any of those things could expose them to prosecution.
If you are a patient of Grozio Chirurgija, do not engage with the attackers in any way. Instead, report any communication from them to the clinic and to the local authorities.
News of this hack follows on the heels of the global WannaCry ransomware outbreak that swept up the United Kingdom’s National Health Service (NHS) along with over 200,000 organizations in 150 countries earlier in May.