We’ve stressed the risk of medical records data breaches before, but a new breach could be the most memorable and damaging in recent history. Dr. Zain Kadri’s private plastic surgery clinic on Rodeo Drive in Beverly Hills experienced a data breach that included the loss of 15,000 customer records along with “before and after” photos. At least some of those impacted could be celebrity clients.
Kadri’s Advanced ENT Head & Neck Surgery clinic bills itself on Twitter as “Beverly Hills facial plastic surgery & reconstruction for high-profile clients, celebrities, and local Angelenos.”
The practice stated that a disgruntled employee was responsible for the records theft. She was reportedly hired as a driver and translator and then dismissed for committing fraud on her time records. She had also taken numerous unauthorized patient photos on her corporate-issued smartphone.
Kadri’s clinic posted a notice on their website indicating, “The staffer stole credit card information, debit card information, IDs, copies of checks, usernames, passwords, photographed our patients, prior to and during surgery, as well as, recording conversations.”
That’s not the worse news, either. The statement added, “Unfortunately, the company no longer has contact details for the majority of the Patients effected, as all paper records and local data storages were stolen during a physical break-in of our records facility during the week of May 1st.”
Could it get much worse? The practice established a dedicated email address—breach@AENTHNS.COM— for patients who have questions. There will be hundreds if not thousands of customers now trying to gain more information. The clinic posted a webpage outlining steps patients should take to protect themselves but has not offered to assist in any identity monitoring or recovery that might be needed.
This breach dates back to records from September 2016, according to KTLA5 News in Los Angeles and involves clients from numerous states and four nations.
The practice of patients traveling from other countries to get plastic surgery is evidently quite common. Now data breaches are becoming common as well. A week earlier, a clinic in Lithuania reported a similar records hack. Numerous patients have come forward indicating the hackers are blackmailing them and threatening to release their records because the clinic refused to pay up. Clients from 60 countries including 1,500 Britons, were among the individuals shocked and angered by the data loss.
Ask your doctors how they retain and protect your data. Is encryption part of the process? Don’t volunteer any personal information unless the clinic insists. Social Security numbers, for example, are still requested on records forms but, most likely, no one will complain if you leave that space blank.