DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

Nashville plastic surgery center hit by ransomware

Posted on May 6, 2020 by Dissent

The plastic surgery center of Dr. Kristin Tarbet in Bellevue Washington was not the only plastic surgery hit by ransomware on May 1.  On the same day, Maze Team also reportedly hit Nashville Plastic Surgery Institute, LLC, dba Maxwell Aesthetics. It was the very day that they were reopening after having been shut down totally due to the city’s response to COVID-19.

As they did with the Tarbet proof, Maze Team dumped a lot of files with protected health information of patients. The patient information included name, date of birth, diagnostic information, type of surgery, and in some cases, health insurance information such as the patient’s policy number.

Even just a listing of the directory would have created problems for the practice, however, as they seem to use patients’ full names as part of the filenames.  For example, one filename had the structure:

<last name> <first name> <type of surgery> <name of insurance company> <month> <year>.

That alone would probably require notification under HIPAA if it was simply exposed. But it wasn’t simply exposed. The unencrypted files in the data Maze dumped included details of patients’ histories that would warrant the planned surgery and authorization request from insurers.

Preauthorization request to insurance company. Redacted by DataBreaches.net.

Other files also included orders for implants or extenders that would be needed for a named patient’s surgery. And yet other files related to business operations and network structure.

Some files related to business finances. Redacted by DataBreaches.net

Given that two plastic surgery entities were hit on the same day, it may be that Maze hit a vendor or business associate, but that is not known at this time. The Maxwell Aesthetics website, which was online earlier this morning, is currently unreachable, and DataBreaches.net was unable to send them an inquiry at this time.

This may be updated as more information becomes available.

 

 

Related Posts:

  • Little Rock Plastic Surgery releases statement after…
  • So much for their moratorium on attacking healthcare…
  • Plastic Surgery Patient Photos, Info Exposed by…
  • JEV Plastic Surgery & Medical Aesthetics notifies…
  • 'Tummy tuck' thief bilked coworker for…

Post navigation

← ‘No data, security breach’: Aarogya Setu says after hacker claims ‘privacy of 90 million Indians at stake’
Students, experts call for explanation after York University suffers ‘extremely serious’ cyber attack →

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • After $50 Million Breach, KyberSwap Faces Hacker’s Shocking Demands
  • Hendersonville city employees target of cybersecurity breach
  • Ukrainian gets 8-year sentence for running marketplace for Americans’ data
  • Some city data was stolen during cyber breach; full scope remains unknown, Long Beach says
  • More than 1 million Michiganders affected by Welltok cyberattack
  • Line operator says 440,000 personal records leaked in data breach
  • Ransomware group ‘Black Basta’ has raked in more than $100 million -researchers
  • DFS Announces $1 Million Cybersecurity Settlement With First American Title Insurance Company

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net