The Hospital Group has 11 clinics and has a celebrity clientele, but it made the headlines because the REvil ransomware gang, aka Sodinokibi, claims to have hacked its systems and threatens to release before-and-after pictures of celebrity clients.
Its clinics specializing in bariatric weight loss surgery, breast enlargements, nipple corrections, and nose adjustments.
The Hospital Group has confirmed the ransomware attack and notified the Information Commissioner about the security breach. The Hospital Group also notified via email all customers.
“We can confirm that our IT systems have been subject to a data security breach.” The Hospital Group said in a statement. “None of our patients’ payment card details have been compromised but at this stage, we understand that some of our patients’ personal data may have been accessed.”
“The Hospital Group, which has been endorsed by celebs including Kerry Katona and Joey Essex, confirmed the ransomware attack.” states The Sun.
The REvil ransomware operators have published some pictures of the hacked systems on their leak site hosted on the Tor Network, they claims to have stolen about 600 GB of documents. Stolen data includes personal data of customers along with intimate photos of these customers.
“Unfortunately, time is going on very quickly, but we have not seen any positive reaction from our friends from TheHospitalGroup.org.
Center for Plastic Surgery in the UK.” reads the message posted on the leak site.
“It’s time to introduce you to them too. We pumped out about 600 gb of the most important documents, personal data of customers, as well as intimate photos of these customers (this is not a completely pleasant sight:))”
The ransomware gang plans to post the first batch of files, named “Pacient Personal – 20гб TMG OFFICIAL Documents – 50гб” at the beginning of next week.
REvil gang is one of the major ransomware operations, it has been active since April 2019, its operators claim to earn over $100 million a year through its RaaS service.
In a recent interview with the public-facing representative of REvil, the ransomware operation claims to earn over $100 million a year in extortion payments.
The list of the victims of the group is long and includes Travelex, Kenneth Cole, SeaChange, Brown-Forman, BancoEstado, Grubman Shire Meiselas & Sacks (GSMLaw), Valley Health Systems, Telecom Argentina, the Managed.com hosting provider, and Lion.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, REvil ransomware)