The sample data was a 531.8 MB archive with folders containing “Dictations” (75 files), “Photos” (more than 160 photos), and “Patient ID Verification” (4 files). The Dictations folder and Photos folder contained more than one file or image for some patients, so these were not all unique patients in each folder.
Many of the photos in the archive released by the hackers would permit identification of patients because in some cases, you can see the patients’ faces, and in other cases, the filenames for the photos may contain the patient’s first initial and last name.
DataBreaches.net is not reproducing any of the data from the archive the hackers provided.
Inspection of the meta data suggests that the newest dictation files were created December 5, 2018 and related to services or consultations conducted on November 28, 2018.
As with their hack of the London Bridge Plastic Surgery Center, TDO may have hoped that people — especially celebrities — would pay good money not to have their before, during, or after pictures of plastic surgery released publicly. Whether TDO is privately trying to extort patients directly is unknown to this site, but Dr. Spies seems to have refused to pay them, and has reported the incident to law enforcement, HHS, and his patients. According to his notification to HHS, he has notified 5,524 patients.