Two plastic surgery providers were recent targets of a ransomware attack that led to patients' information being posted online, according to a Cointelegraph report.
Five things to know:
1. Maze recently hacked the records of Bellevue, Wash.-based plastic surgeon Kristin Tarbet, MD, and Asheville Plastic Surgery Institute.
2. Maze has posted the names, addresses and social security numbers of Dr. Tarbet's patients online. The group also posted patients' before-and-after surgical procedure photos.
3. The group also targeted Asheville (N.C.) Plastic Surgery Institute and published stolen data online including patient names, date of birth, insurance details and implant order forms in addition to before-and-after photos.
4. In the past, Maze has attacked two targets in the same industry and has a history of leaking sensitive information if organizations don't pay the ransom demanded. Maze has previously demanded $2 million to decrypt data and destroy its copies of it.
5. To execute its ransomware attacks, Maze typically enters the system through easy-to-crack credentials or unpatched remote access systems, according to the report.