The first time Patrick, a Plastic Surgeon, heard about Plastic Surgery businesses getting hacked, he couldn’t understand how other practices knew what they possessed was of great value to steal, or why they didn’t have the right IT Support to prevent the attacks.
After stumbling onto this news, he surfed the internet in search of stories, press releases or headlines to see how widespread cyber attacks on Plastic Surgery Clinics had become. It didn’t take very long.
Plastic Surgery Practice Released This Statement To The Press:
“We can confirm our Plastic Surgery Clinic was the victim of a cyber-attack. We informed the Police right away. Measures to block the attack were immediate. Regrettably, our IT Support and the police believe our IT System was hacked. The attackers wanted patient information. Data was stolen. But we are not sure what data is missing. We are working to establish the size and scope of the theft. Please accept our deepest apologies for any inconvenience you may have through this recovery time.”
After reading, Patrick questioned whether the Plastic Surgery business had the Right IT Support In Place.
But then his search turned up three more attacks on Plastic Surgeons and Cosmetic Surgery Firms.
- Plastic Surgery headline which appeared online: “Hackers hit plastic surgery, threaten to release patient list and ”
- A story broke of the misfortune this Cosmetic Surgery Firm went through: “Initial Cosmetic Surgery Inquiry Forms, Submitted Online, ”
- This plastic surgery outfit wished this wasn’t made public: “Ransomware Attack May Affect 10K Plastic Surgery ”
After Patrick found four recent incidents of Cyber-Security breaches, he concluded Plastic Surgery practices are severe targets for cybercriminals’ attacks. Had the right IT Security Support been in place for each, there is a higher probability the attacks would have been spotted, quarantined and shut down.
As he totaled up the losses, the numbers were staggering. In total, Patrick determined that a high 6-figure number of client names, addresses and telephone numbers had been grabbed. Lists of cosmetic procedures, including nude pictures, breast enlargements, liposuction and tummy tucks, were attached to each client’s name.
As for the theft of clients’ clinical and financial information, it’s still unknown. Also, were celebrities’ or famous people’s identities and personal information compromised? The reports suggest there were but wouldn’t state who they were.
Their stories moved Patrick to share his IT Support Checklist with you and express his thoughts, so you can avoid answering reporter questions as these companies did.
CK-LT 1. Compliance. On a scale from 1-10, how would you rate your Compliance?
I must protect my business at all costs. And due to the federal law, I have no choice but to comply. I have too many clients, plus the thought of a HIPAA compliance audit and possible violation fines scares me.
Also, according to the Health Insurance Portability and Accountability Act (HIPAA), enacted by the United States Congress in 1996, a healthcare/medical procedure provider must, at all costs, protect patients’ medical records and other sensitive healthcare information.
These federal mandates also require compliance from Plastic Surgery Businesses and Cosmetic Clinics, like yours. No healthcare/medical procedure provider is exempt.
CK-LT 2. Digital Patient Photos. On a scale from 1-10, how would you rate your patient photo sharing and storing practices?
Cell phones. I use them in my practice, and you probably do too. Even our employees do, and they can be careless with their phones, such as taking “Selfies.”
But in the world of Plastic and Cosmetic Surgeries, there are two significant risks with digital patient photographs we face.
Due to this common practice, it can be traced and associated with patient data theft and HIPAA compliance violations. I monitor my employees closely; I hope you do too.
CK-LT 3. IT Support. On a scale from 1-10, how would you rate your IT Security Support?
This item goes along closely with CK-LT 1. But with one difference. My IT Support must also be HIPAA compliant. I won’t budge on this. I learned that if they have access to my data, I am responsible for their compliance. If they are not compliant, I won’t use their services.
Information Technology support and services, for Plastic and Cosmetic Surgery Centers, must be compliant. My requirements:
- Health Information Technology for Economic and Clinical Health (HITECH)
- Health Insurance Portability and Accountability Act (HIPAA)
- Compliance, Audits, and Backups
CK-LT 4. IT Monitoring. On a scale from 1-10, how would you rate your IT Monitoring?
Some of my peers only have 9-5 monitoring, Monday through Friday. I prefer my team to be watching all the time. Attacks may happen after hours. Too great of a risk.
I believe your computer network or system must have around-the-clock eyes-on monitoring. Even when your Plastic Surgery office is not open, there are “Bad Actors” out there who want our patients’ records and information. The right IT Monitoring spots the threats, contains them, and quarantines each attack.
CK-LT 5. Business Continuity. On a scale from 1-10, how would you rate your backup and restore protocols?
If my system went down as you are reading this, how quickly do you think my reliable IT Support would have me back up and running? Also at what point can they recover and restore my files?
Depending on the attack, I will be back up and operational quickly. My team also can restore my files just before the hack. So my data loss is minimal, and any ransom demands, on stolen data, from a cybercriminal, I can ignore.
CK-LT 6. Confidence. On a scale from 1-10, how would you rate your overall confidence with your IT service provider?
Okay, I’m biased. Nova Computer Solutions is the right IT Support and Consulting provider for my Plastic Surgery practice. They take great care of my IT Security, and I can call them anytime. Even at 3:11 am, on a Sunday. Not to mention they don’t gouge me with surprise invoices.
Also, they keep me from having to answer reporter questions.