Hackers publish private information of 25,000 patients from a Lithuanian cosmetic surgery clinic
cosmetic surgery company hacked by tsar team

Hackers publish private information of 25,000 patients from a Lithuanian cosmetic surgery clinic

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Another massive cyber-attack in a healthcare industry.

More than 25,000 private photos – including naked images – were made public by hackers on the 30th May as they gained access to a Lithuanian surgery’s server.

The Grozio Chirurgija clinic based in Kaunas, Lithuania, was hacked earlier this year by a group calling themselves “Tsar Team”. They managed to break into the servers in March, originally releasing a portion of their database alongside a large ransom demand from the surgery.

The hackers asked for nearly £350,000 in ransom payments from the surgery back in March to protect their patients’ medical records and private images, but the surgery refused to pay. As a result, the group released the whole database of nearly 25,000 patients onto the dark web.

What information was released?

The establishment specialises in a number of different surgeries including cosmetic surgeries, day surgeries and dentistry. They therefore have a large number of patients, and most of these patients will have to have photographs taken for the purpose of corrective surgeries, and some of these photos will be of sensitive areas. The hackers gained access to the patients’ medical records which included photos taken by surgeons before and after surgery.

The medical records also included:

  • Copies of passports
  • National insurance numbers
  • Names
  • Addresses
  • Phone numbers
  • Email addresses
  • Date of birth details

Depending on the level of information the hackers have on each patient, they are asking for €50 – €2,000 payment in Bitcoins to delete the records permanently from the internet. The hackers have scored the data sensitivity of each record from low to critical, with critical being the most expensive. They are also offering the whole database of all 25,000 patients on the dark web, which they originally listed it for 300 Bitcoin, which is equivalent to £500,000 but they have now reportedly dropped the price down to 50 Bitcoin, which is around £100,000.

Hackers bombarding patients

In an attempt to get their payments, hackers are contacting patients directly via email and text messages, threatening their sensitive medical records and photographs. The hackers seem somewhat desperate to receive payment for these records, but the surgery has informed patients to immediately report any blackmail to the authorities.

Out of the 25,000 patients affected, nearly 1,500 U.K. citizens are reportedly affected, and some of these are even thought to be celebrities. Patients from nearly 60 countries around the world are affected in total.

Authorities investigating

After the huge cyber-attack affecting the NHS last month, healthcare industries have been warned of imminent attacks on their servers. Medical records can be a treasure trove of sensitive information for cyber criminals – not only can they threaten ransom by making the organisations or patients pay out or face their information shared, but they can also use the data to impersonate a patient and potentially gain access to bank accounts or other financial information.

Police in Lithuania and authorities across Europe have been alerted. A cyber-attack on this scale can be punishable by up to three years in prison in Lithuania, and police are also warning that anyone who downloads or shares the data could also be prosecuted. They are also working with security services across Europe to come up with a solution to this breach.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon