Ransomware gang BlackCat claims it infected a plastic surgery center, stole "lots" of highly sensitive medical records, and has vowed to leak patients' photos if the clinic doesn't pay up. The notorious extortion crew, aka AlphaV, on Wednesday added the Beverly Hills Plastic Surgery to its list of compromised organizations, …

  1. Anonymous Coward

    Shamir’s Secret Sharing

    This isn’t rocket science, we mostly solved this risk a long time ago. There is no reason not to escrow parts of keys so that sensitive data which doesn’t need to be accessed constantly is always unintelligible to attackers by default.

    Not to blame the actual victims (the patients) but the clinic deserves every bit of blame it gets here.

    1. Cybersaber

      Re: Shamir’s Secret Sharing

      Nah, this is where security meets reality. SSS would not work in a medical setting because PEOPLE are a component of security, and doctors are (by and large) completely ignorant and intolerant of security and are key stakeholders in the business. Something as complicated to operate as Shamir's is not a good fit for this use case.

      1. b0llchit Silver badge

        Re: Shamir’s Secret Sharing

        But the stakeholders may also get sued by the patients for not keeping their data private. That may prove to be a lot more expensive in the end than improved procedural security.

        1. Cybersaber

          Re: Shamir’s Secret Sharing

          Um, so yeah, it's not likely you've worked as IT in a medical practice. A doctor is too busy to sit down and understand or care about any of that. Does it help them with patients? Does it earn them more money? No?

          That's what insurance is for. Go away and make my tablet work.

          They're mostly not mean about it, they just don't have the mindset or inclination to understand mostly.

          1. Arthur the cat Silver badge

            Re: Shamir’s Secret Sharing

            “They're mostly not mean about it, they just don't have the mindset or inclination to understand mostly.”

            And if massively overstretched like NHS doctors, they probably don't have the spare cognitive bandwidth to understand it anyway. Doctors shouldn't have to understand cryptography any more than their patients should have to understand endocrinology or oncology.

          2. TeeCee Gold badge

            Re: Shamir’s Secret Sharing

            I just love that attitude.

            There are some professions (and medicine is one of them) where computers have become a key tool of the job. I find it hysterically funny that allegedly intelligent professionals just can't be arsed to make an effort to use one of their "key tools" effectively. They don't seem to be able to get it into their heads that doing so would almost certainly mean they'd be less heavily worked, not more.

            Then again many, if not most, doctors are actually databases on legs with a really shit query interface.

      2. Orv Silver badge

        Re: Shamir’s Secret Sharing

        This is an industry that still uses fax for communications and had to be dragged kicking and screaming into using computerized patient records at *all*.

        That said I suspect most of these photos are a lot less interesting than people are imagining. People who have just had cosmetic surgery look like they've been hit in the face with a frying pan. It takes a week for them to even be recognizable and another couple weeks to see any idea of the final result. Unless you have some very specific sorts of surgical fetishes no one's going to be getting off to this stuff.

  2. Cybersaber

    We've got the bits of your bits...

    Agreed, the focus should be on a proctology exam of the clinic's security. It's no charity hospital running on a shoestring budget. It's plastic surgery, they're not low-rent doctors.

    Then if the clinic actually did an OK job on security, and the crooks got in through an insecure medical device or somesuch (a very, very real possibility) then regulators should go after the device manufacturers too.

  3. t245t

    Ransomware gang claims it infected a plastic surgery center

    “Ransomware gang BlackCat claims it infected a plastic surgery center”

    What is the initial method of infection?

  4. tiggity Silver badge


    Is this Beverly Hills clinic "high end" with a lot of rich celeb customers?

    If so, pic reveals might be a ploy to get the clinic to pay before they get hit by lawsuit hassle from wealthy celebs who definitely don't want their personal details revealed and have the beefy lawyers to persuade the clinic to do something about it.

