UK cosmetic surgery supplier hit by ransomware, customer data stolen

Transform Hospital Group Ltd., a British supplier of cosmetics and surgical slimming products, was hit by ransomware, resulting in the theft of customer data, including intimate images.

It is not clear when exactly the attack took place. Transform, best known in the UK for breast augmentation surgery, described it only as a data security breach. “None of our patients ‘payment card information is compromised, but at this stage we understand that they may have accessed some of our patients’ personal data,” the company said in a statement reported by the BBC today.

However, it is known who is behind the attack: the infamous ransomware group REvil is taking responsibility. The group said on its dark website that it had received about 600 gigabytes of “the most important documents, personal customer data, as well as intimate photos of those customers (this is not a very pleasant sight :)),” and threatened to release the first batch of files next week. displays a screenshot published by REvil as evidence that the data was stolen from directories and folders that would comply with a medical practice labeled “Clinic_Images.”

One detail missing from the story is whether these are the company’s affected systems and how much REvil is demanding as a ransom not to release the data. A typical REvil attack starts with a ransomware attack, which is first noticed when the system goes offline, followed by a group demanding payment.

The REvil group is best known for attacking foreign exchange supplier Travelex in late December 2019. In that case, it was reported that Travelex paid a ransom of $ 2.3 million for the decryption key to rebuild its network. The gang, also known as Sodinokibi, has been linked to the attack on data center vendor Cyrus One Inc., and in May claimed responsibility for a ransomware attack on Grubman Shire Meiselas & Sacks, a high-profile law firm.

The attack on Grubman Shire Meiselas & Sacks has some parallels with the attack on The Hospital Group. Both involve celebrities, and both are stealing large amounts of personal information.

If REvil requested a ransom in this case, there is no guarantee that the ransom payment will result in the stolen data not being disclosed. “As in other ransom situations, it’s also impossible to know if paying a ransom will solve your problem,” said Jonathan Knudsen, senior security strategist at electronic design automation firm Synopsys Inc., SiliconANGLE earlier this year. “Even if you regain access to your own information, the attacker may still have a copy of the information and will be able to resell it to other interested parties.”

Image: Hospital group

Ever since you’ve been here …

Show your support for our mission by subscribing to our YouTube channel with one click (below). The more subscribers we have, the more YouTube will suggest relevant emerging corporate and technology content. Thanks!

Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.

… We would also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc. business model it is based on the intrinsic value of the content, not the advertising. Unlike many online publications, we do not have a pay wall or run banner advertising because we want our journalism to remain open, without influence or the need to prosecute traffic.Journalism, reporting and commentary on SiliconANGLE, along with a video from our Silicon Valley studio and globalization video teams in theCUBE – It takes a lot of effort, time and money. Maintaining high quality requires the support of sponsors who are in line with our vision of ad-free journalistic content.

If you like reporting, video interviews, and other ad-free content here, take a moment to look at a sample of video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.