UK cosmetic surgery provider Transform Hospital Group Ltd., also known as The Hospital Group, has suffered a cyberattack resulting in the theft of extremely sensitive customer data. In some cases, the criminals accessed the intimate pictures of patients. Find out more about the Transform Hospital Group data breach here.
Transform provides cosmetic and weight loss surgery, including breast enhancement procedures across several clinics. It has had many celebrity endorsements over the years, including from singer Kerry Katona, actress Tina Malone and reality TV star Joey Essex.
What happened in this data breach?
On 22 December 2020, Transform admitted that it had been hit by a ransomware data security incident. In a statement, the company said:
“None of our patients’ payment card details have been compromised but at this stage, we understand that some of our patients’ personal data may have been accessed”.
The attack was carried out by the infamous REvil ransomware group which has previously attempted to extort companies and public figures including Donald Trump, Lady Gaga and Madonna. It is thought that the group might be based in Russia.
Speaking about the Transform Hospital Group breach, the group said that it had obtained some of “the most important documents, personal data of customers, as well as intimate photos of these customers (this is not a completely pleasant sight)”.
The group also provided screenshots to prove that the data had been stolen and threatened to leak the pictures.
The screenshots indicate that the data was stolen on or about 6 December 2020.
Emotional distress following Transform Hospital Group data breach
For patients of Transform Hospital Group affected by this breach, this situation has caused understandable upset and distress.
Speaking to the BBC, one former patient who had chest reduction surgery with The Hospital Group said that he was “concerned as the last thing I want is ‘before photos’ being splattered around in the public domain. I’ve tried to keep my surgery private and not even some of my friends and colleagues know about it, so the data breach is concerning for me.”
How did Transform respond to the attack?
Transform confirmed the ransomware attack and informed the Information Commissioner’s Office (ICO) of the breach (as it is legally obliged to do). It also emailed all customers about the attack and said that it would contact those who might have had their personal details compromised. However, many of those affected by the breach now have questions about The Hospital Group’s data security.
Making a medical data breach compensation claim
As patients, we expect our confidential medical data to be taken care of. But the UK health sector accounts for nearly half of all data breaches. Moreover, as our health and social care system becomes increasingly digital, there are concerns that the robust protections required are simply not in place.
If you have been affected by the Transform Hospital Group data breach, we can help you make a compensation claim for:
- the failure to protect your private and sensitive information.
- any emotional distress suffered
- any other losses experienced due to the breach (e.g. if cybercriminals used your details to carry out theft or fraud).