Nearly a dozen women have sued a Las Vegas plastic surgery practice after its systems were hacked and their nude photos and information posted online.
Hankins & Sohn Plastic Surgery had its systems hacked in February, and the hackers posted before-and-after photos of numerous breast augmentations on women, along with their names, addresses and other sensitive data.
Now the FBI is investigating the cyber hack, and a number of plaintiffs have joined a federal class action lawsuit against Hankins & Sohn, claiming the firm didn’t do enough to protect their data.
According to 8 News NowThe hacked images stolen earlier this year showed patients’ faces, breasts, sensitive body parts and surgical photos.
In addition to images, personal information such as names, medical records, addresses and social security numbers were also leaked and posted online during the hack.
Four women, who are plaintiffs in the class action lawsuit and say they were victims of the cyber hack, remained anonymous but said they were terrified after their private information was posted online
Hankins & Sohn Plastic Surgery had its systems hacked in February and the hackers posted before-and-after photos of numerous breast augmentations on women, along with their names, addresses and other sensitive data
It is understood that as many as 12,000 patients could be affected, according to 8 News Now.
A female patient who had undergone breast augmentation surgery and whose photos and information had been hacked and released told 8 News Now: “We went to an office that we thought was safe.
‘That would protect us. We paid a lot of money and look what happens.”
Of the four unnamed women who spoke to the outlet, one said she paid $7,000 for her cosmetic surgery at Hankins & Sohn, while another paid $30,000 for a full body makeover.
One woman said the hack was: ‘Absolutely heartbreaking. I didn’t even want to leave my house. I didn’t even want to talk to anyone.’
Another told 8 News Now: ‘I am beyond shocked that my information and my photos have been leaked.’ And a third said: ‘Plus I’m absolutely humiliated. It’s devastating.’
One of the women said of what they want to get out of the lawsuit: “I want to see justice.
“I want them to acknowledge what they didn’t do. Our photos are not protected. Our information is not protected. “I want them to say they were wrong because they didn’t have the security they should have as a doctor’s office.”
In a letter to their patients in April, the operation wrote: “On or about February 23, 2023, Hankins & Sohn became aware of suspicious activity regarding allegations from an unknown actor that data had been stolen from our network.”
None of the women who came forward said they had heard anything about the operation since the hack.
Attorney Mark Bourassa represents ten women in a class action lawsuit.
The lawsuit stated that the breach was “a direct result of Defendant’s failure to implement adequate and reasonable cybersecurity procedures and protocols,” which placed the women’s personal information “into the hands of cybercriminals who want it for nefarious purposes to use’.
Three claimants also say they were contacted directly because they were threatened by the hackers that if they did not pay a ransom they would post their images online.
In a letter to their patients in April, the operation wrote: “On or about February 23, 2023, Hankins & Sohn became aware of suspicious activity regarding allegations from an unknown actor that data had been stolen from our network.
Attorney Mark Bourassa (pictured) represents ten women in a class action lawsuit. He said this case is about a ‘breach of trust’
“We have taken swift steps to investigate the validity of the claims, assess the nature and extent of the activity and assess what information may have been compromised.
“We are also working with police to investigate the activity. We have learned that the files were created by the unknown actor prior to this date.”
In July, a website with a Russian domain containing photos and data about the patients appeared on the Internet. The FBI was able to shut it down, the women said, but a new one emerged in October.
The hackers wrote on October 17: ‘Mr. Hankins and Mr. Sohn continue to ignore the situation; we suppose they listen to the opinions of some ‘experts’ and other ‘specialists’.
‘We have to take into account that this involves a large number of clients and that these are inevitably winnable cases for lawyers, so they will certainly advise not to enter into dialogue with us.’
The Nevada-based company is named after and run by board-certified plastic surgeons, W. Tracy Hankins and Samuel M. Sohn.
Their attorney Gary Schnitzer said in a statement: “Hankins and Sohn Plastic Surgery are devastated by the data breach that occurred at the hands of third-party criminal actors.
“Both our patients and our practice are suffering from this deliberate criminal activity. We continue to work with the FBI and other agencies to protect patient information and bring these bad actors to justice.”
The lawsuit asks for a jury trial, as well as compensatory and punitive damages.