Transform Hospital Group Data Breach Claims

If your data has been put at risk in this data breach, you may be able to claim with Keller Lenkner UK.

Get justice for the Transform Hospital Group data breach

In December 2020, UK cosmetic surgery provider Transform Hospital Group Ltd., also known as The Hospital Group, admitted that it had been hit by a ransomware data security attack. This incident resulted in the theft of extremely sensitive customer data.

In some cases, the criminals accessed intimate pictures of patients and threatened to leak these online. It said that these intimate photos “were not a completely pleasant sight”.

The information stolen in the Transform data breach also included:

Transform provides cosmetic and weight loss surgery, including breast enhancement procedures. Many patients have suffered understandable upset and distress following the breach. Not just because this sensitive information has been accessed by criminals, but also because of fears over what they might do with it.

If your data was included in this breach, you may be able to make a compensation claim with Keller Lenkner UK.

Why claim data breach compensation?

Hold The Hospital Group to account for failing to protect your private information.

Receive financial compensation for your losses.

Force The Hospital Group to implement better data security.

Has your data been compromised in the Transform Hospital Group data breach?

Transform said that it has emailed all customers about the attack. It also said that it would contact those who might have had their personal details compromised. If you have been a patient at the Transform Hospital Group and have not received this email, you should check your spam folder. You might also want to contact the company to see which of your details were exposed in the hack. This is called making a Subject Access Request.

Find out how to make a SAR.

The Hospital Group Data Breach Timeline

  • 6th December 2020
    Screenshots provided by the cybercriminals indicate that data was stolen from Transform on or about this date.
  • 22nd December 2020
    Transform admitted that it had suffered a data security incident.

Latest News


What do we know about the Transform Hospital data breach?

Transform Hospital Group Ltd., also known as The Hospital Group, suffered a cyberattack which resulted in extremely sensitive customer data theft. Transform provides cosmetic and weight loss surgery, including breast enhancement procedures across several clinics. The UK cosmetic surgery provider admitted that a ransomware data security incident had hit it and that cybercriminals may have accessed some of its patients’ personal data. Here’s what we know about this breach so far.

Read More »



Find out more about making a group action claim for compensation.



What does no-win, no-fee actually mean and are there really no costs if you appoint us?

Why use Keller Lenkner UK to make a claim?

We are one of the most experienced multi-claimant law firms in the UK.

Our GDPR, data breach and cybercrime specialists have a combined experience of over 50 years.

We represent clients in group actions and individual cases with innovation, resources, and expertise.

We work with expert barristers to ensure you get the very best level of legal support available.

We have all the resources and global expertise necessary to take on complicated cases and win.

We have offices in Chancery Lane London, Birmingham and Liverpool, and the technology to provide a nationwide service, so we can help clients across England & Wales.

We use technology to deliver a better legal experience to our clients.

We work on a no-win, no-fee basis.

We make the process straightforward and hassle-free.


Your questions answered

See our answers to the FAQs we get asked about the Transform Hospital Group Data Breach.

FAQs about the Transform Hospital Group data breach

In a statement, the company said:

“None of our patients’ payment card details have been compromised but at this stage, we understand that some of our patients’ personal data may have been accessed”.

The attack was carried out by the infamous REvil ransomware group which has previously attempted to extort companies and public figures including Donald Trump, Lady Gaga and Madonna.

The screenshots indicate that the data was stolen on or about 6 December 2020.

Transform confirmed the ransomware attack and informed the Information Commissioner’s Office (ICO) of the breach (as it is legally obliged to do).

Transform has emailed all customers about the attack and said that it would contact those who might have had their personal details compromised.

If you have been affected by the Transform Hospital Group data breach, we can help you make a compensation claim for:

  • the failure to protect your private and sensitive information.
  • any emotional distress suffered
  • any other losses experienced due to the breach (e.g. if cybercriminals used your details to carry out theft or fraud).

What can you claim for?

While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:

Financial loses

With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.


GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.

Loss of privacy

Your data has value, and organisations must be held to account if they fail to protect your right to data privacy or otherwise do not uphold your GDPR rights.

How to protect yourself following a data breach or cybercrime

  • Contact your bank or credit card provider immediately if your financial data has been exposed.
  • Check all bills and emails for goods or services you have not ordered.
  • Check your bank account for unfamiliar transactions.
  • Alert your bank or credit card provider immediately if there is any suspicious activity.
  • Monitor your credit score for any unexpected dips.
  • Call Credit, Experian and Equifax to ensure credit isn’t taken out in your name.
  • Never provide your PIN or full password to anyone (even someone claiming to be from your bank).
  • Never been pressured into moving money to another account for fraud reasons. A legitimate bank won’t ask you to do this.
  • Follow the security instructions provided by the organisation that breached your data.
  • Never automatically click on any suspicious links or downloads in emails or texts.
  • Don’t assume an email or phone call is authentic just because someone has your details.
  • Be careful who you trust – criminals often use scare tactics to try and trick you into revealing your security details.
  • Know that, even if you recognise a name or number, it might not be genuine.
  • Don’t be rushed or pressured into making a decision. A trustworthy organisation would never force you to make a financial transaction on the spot.
  • Never provide your full password, pin or security code to someone over the phone (or via message). If a bank believes a transaction has been fraudulent, they will not ask for this information to cancel the transaction.
  • Listen to your instincts and ask questions if something feels “off”.
  • Refuse requests for personal or financial information and stop discussions if you are at all unsure.
  • Contact your bank or financial service provider on a number you know and trust to check if a communication is genuine.
  • Be cautious of unsolicited communications that refer you to a web page asking for personal data.
  • Don’t accept friend requests from people you don’t know on social media.
  • Review your online privacy settings.
  • Report suspected fraud attempts to the police and Action Fraud.
  • Register with the Cifas protective registration service to slow down credit applications made in your name.
  • Change your passwords regularly and use a different password for every account (a password manager can help with this).
  • Protect your devices with up-to-date internet security software.