News & Resources

Hackers Steal Data from Cosmetic Surgery Chain The Hospital Group

  • Posted on

Hackers have stolen data from the cosmetic surgery chain The Hospital Group and are threatening to release sensitive patient information including before and after photos.

The hacker group REvil, also known as Sodinokibi, have taken responsibility for the hack, claiming that they have obtained over 900 gigabytes of patient photographs.

The Hospital Group confirmed the hack in a statement on their website: "Transform Hospital Group recently experienced a data security incident. Elements of our IT systems were accessed by an unauthorised third party on December 6th.

“While we currently have no evidence that the data we hold for the majority of our patients has been taken, we have identified the possibility that some personal data relating to a small minority of individuals may have been extracted during the incident. We will be writing separately to anyone who could be affected by this.

“We can provide reassurance, however, that no payment card details have been compromised.”

Speaking to the BBC, a customer spoke about his concerns regarding the breach, saying: "I have had an email from The Hospital Group informing me of a 'data security incident' but no detail as to what has been hacked.

"I'm obviously concerned as the last thing I want is 'before photos' being splattered around in the public domain. I've tried to keep my surgery private and not even some of my friends and colleagues know about it, so the data breach is concerning for me."

The Hospital Group is said to have reported the incident to the Information Commissioner’s Office (ICO).

Once the ICO is informed of a data breach, it will investigate and, where appropriate, take action. This could include requiring the organisation in question to pay a fine and/or take steps to improve their security processes.

Hayes Connor is currently acting for several clients who have been affected by The Hospital Group data breach and are ready to advise anyone else who may have been impacted.

Wondering if you may be entitled to compensation for The Hospital Group data breach? Please get in touch.

What to do if you are worried about The Hospital Group data breach

If you have been affected by The Hospital Group data breach, then the company should have already contacted to inform you of the situation. If you are yet to hear from them and you are concerned that you are at risk, you should get in contact with The Hospital Group directly.

It’s possible that, following any sort of data breach, personal data can fall into the hands of people who could use it for fraudulent purposes.

It’s therefore important to be vigilant of any emails, phone calls or communication from anyone claiming to be representing The Hospital Group. These could be ‘phishing’ attacks designed to extract further personal information from you.

There are a number of steps you can take to minimise the risk of your data being used by cybercriminals. For further information, take a look at our guide to what to do if your data has been stolen in a data breach to find out more.

You may also want to consider whether you are entitled to compensation following The Hospital Group data breach. This is something the team at Hayes Connor can discuss further with you.

How Hayes Connor can help you claim compensation for The Hospital Group data breach

Organisations that hold your personal data have an obligation to keep it secure. That means that when a data breach does occur, the people who are affected will likely have grounds to claim compensation.

Hayes Connor has one of the largest teams of data breach claims specialists in the country, with a wealth of combined experience. We are already acting for several clients who have been affected by The Hospital Group data breach, so we are well placed to provide effective assistance if you believe you have been affected.

Our expert team will be able to advise you on whether you have grounds to make a claim, the level of compensation you could receive and what you need to do to start a claim.

Our aim is to ensure that anyone affected by a data breach can access the compensation they deserve, while making the process of claiming compensation as straightforward and stress-free as possible.

You can find out more about our expertise and how we handle data breach claims here.

To start a claim, you can use our online claim form.

To speak to a member of our team, please do not hesitate to give us a call on 0330 041 5135