Nude “before and after” photos stolen from plastic surgeon, posted online, and sent to victims' family and friends

Submitted ⁨⁨1⁩ ⁨year⁩ ago⁩ by ⁨L4s@lemmy.world [bot]⁩ to ⁨technology@lemmy.world⁩

https://www.malwarebytes.com/blog/news/2023/11/nude-before-and-after-photos-stolen-from-plastic-surgeon-posted-online-and-sent-to-victims-family-and-friends

Nude “before and after” photos stolen from plastic surgeon, posted online, and sent to victims’ family and friends::The FBI is investigating a data breach where cybercriminals were able to steal patients’ records from a Las Vegas plastic surgeon’s office and then publish them online.

source

Comments

Sort:hotnew top

LWD@lemm.ee ⁨1⁩ ⁨year⁩ ago
[deleted]
source
- kadu@lemmy.world ⁨1⁩ ⁨year⁩ ago
  [deleted]
  source
  - naonintendois@programming.dev ⁨1⁩ ⁨year⁩ ago
    HD encryption only helps if they get physical access to the disk when the device is locked or powered off. If they get it via a backdoor or virus, then it doesn’t help.
    
    source
  - KairuByte@lemmy.dbzer0.com ⁨1⁩ ⁨year⁩ ago
    That isn’t at all the argument presented by those opposed to “nothing to hide” mentality. You’re simply going from one extreme to the other, and presenting a strawman.
    
    source
HeyJoe@lemmy.world ⁨1⁩ ⁨year⁩ ago
Found the info I was looking for in the article. The documents did not appear to be stored with any kind of encryption… so yeah this was terrible it happened, but it happened partially due to not spending enough on IT resources to guide them on proper practices for handling documents with confidential information and violated HIPAA. As someone who works in the field all patient information must be encrypted at rest or another form of encryption on the data must exist for it to fall within compliance. On top of this only the bare minimum amount of people should have access to this data and absolutely should have audit logs for anyone accessing the data normally through the 3rd party application used to store and lookup the information.

source
- Treczoks@lemmy.world ⁨1⁩ ⁨year⁩ ago
  Not that the audit logs would help anyone except listing "these files were copied by on ".
  
  source
  - HeyJoe@lemmy.world ⁨1⁩ ⁨year⁩ ago
    I was more referencing the application that they, hopefully, use to store their documents. I really hope they are not just stored in a directory, but I guess who knows… some of the applications I have used reference everything in audit logs from when it was uploaded, to who and when it is viewed, any changes, and more. Without the application the data is encrypted at rest so the files are useless without using the application to open them. We have others that are stored within an encrypted database or use blob storage thats encrypted. Anything, but never plain old windows for storage!
    
    source
- alienzx@feddit.nl ⁨1⁩ ⁨year⁩ ago
  I hope they get the full fines
  
  source
Treczoks@lemmy.world ⁨1⁩ ⁨year⁩ ago
Let me guess without reading the article: The data was stored on an unecrypted drive connected to a computer in a network running with Windows, Active Directory, and Outlook/Exchange?

With that combo, you can just post your “secret” data on the web site, it won’t make much of a difference.

source
- CaptFeather@lemm.ee ⁨1⁩ ⁨year⁩ ago
  Spot on lmao
  
  According to 8NewsNow, about a dozen women have since filed a lawsuit against the firm, claiming they did not do enough to protect their private and personal information. None of the documents posted online were encrypted
  
  source
moistclump@lemmy.world ⁨1⁩ ⁨year⁩ ago
Yikes. What a weird, cruel thing for someone to do.

source
Nerrad@lemmy.world ⁨1⁩ ⁨year⁩ ago
Let’s just all post our nudes and get it over with. You go first.

source
- DemBoSain@midwest.social ⁨1⁩ ⁨year⁩ ago
  Image
  
  source
- Kissaki@feddit.de ⁨1⁩ ⁨year⁩ ago
  I’m not sure what do do about the before and after though. Any suggestions?
  
  source
  - DudeDudenson@lemmings.world ⁨1⁩ ⁨year⁩ ago
    Just stick your tummy in and then out, like in the commercials
    
    source
- DrMango@lemmy.world ⁨1⁩ ⁨year⁩ ago
  This guy is on to something.
  
  You know those AI generated “average male/female face” images you see sometimes? I feel like it could be interesting to have an “average nude body” image, but we need so many normal nudes to feed to the AI.
  
  source
satans_crackpipe@lemmy.world ⁨1⁩ ⁨year⁩ ago
[deleted]
source
- RespectfullyNo@sh.itjust.works ⁨1⁩ ⁨year⁩ ago
  Hackerman strikes agains
  
  source
andrew@lemmy.stuart.fun ⁨1⁩ ⁨year⁩ ago
Honestly the whole before/after nude photo aspect of plastic surgery feels so weird even if they’re never hacked. No other doctors do this. And I get it, portfolio and all that, but at least offer a discount of something. But everyone? For reasons? Not even just kinda creepy, that’s mega creepy. And as made evident by this breach, not even a little surprising that they have dog shit information security policies. Anybody at the office could probably get access to the shared folder they probably stuff these into. And the doctor’s kids all probably know his crappy password that never changes. So so so many ways this could and will go wrong.

source
- Kissaki@feddit.de ⁨1⁩ ⁨year⁩ ago
  How do you track and improve impact and quality of work without before and after documentation?
  
  source
  - andrew@lemmy.stuart.fun ⁨1⁩ ⁨year⁩ ago
    Notes.
    
    source