{
	"id": "a39083a9-39c0-441e-b1dd-f63a71e5a342",
	"created_at": "2026-04-06T00:11:25.105311Z",
	"updated_at": "2026-04-10T03:29:39.902149Z",
	"deleted_at": null,
	"sha1_hash": "71ce520fb00ce6ca39d6569f707d317cd0c87e32",
	"title": "Now BlackCat extortionists threaten to leak stolen plastic surgery pics",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45738,
	"plain_text": "Now BlackCat extortionists threaten to leak stolen plastic surgery\r\npics\r\nBy Jessica Lyons\r\nPublished: 2023-06-22 · Archived: 2026-04-05 16:04:14 UTC\r\nRansomware gang BlackCat claims it infected a plastic surgery center, stole \"lots\" of highly sensitive medical\r\nrecords, and has vowed to leak patients' photos if the clinic doesn't pay up.\r\nThe notorious extortion crew, aka AlphaV, on Wednesday added the Beverly Hills Plastic Surgery to its list of\r\ncompromised organizations, and bragged about swiping people's personal information and healthcare records,\r\n\"including a lot of pictures of patients that they woud [sic] not want out there.\"\r\nThe note continued: \"Leak to follow if no contact made.\"\r\nBeverly Hills Plastic Surgery did not immediately respond to The Register's inquiries. We will update this story if\r\nand when we hear back from the California clinic.\r\nThe ransomware-as-a-service group's affiliates have been especially active lately, threatening to leak stolen Reddit\r\ndata from a February intrusion and also posting sensitive information belonging to Australian federal agencies and\r\nbanks after breaching law firm HWL Ebsworth earlier this year.\r\nWhile threatening to make public before-and-after photos of nose jobs — and presumably more NSFW surgical\r\nenhancement pictures — is especially repulsive, even for criminals, it's not as original as it seems.\r\nAs Emsisoft Threat Analyst Brett Callow, who posted a screenshot of the miscreants' leak threat, pointed out:\r\n\"This is not the first time a ransomware operation has threatened to release photos of cosmetic surgery photos.\"\r\nREvil did it back in 2020 after breaching The Hospital Group, which claims to be the UK's top weight loss and\r\ncosmetic surgery group.\r\nReddit confirms BlackCat gang pinched some data\r\nFBI: BlackCat ransomware scratched 60-plus orgs\r\nCancer patient sues hospital after ransomware gang leaks her nude medical photos\r\nData leak at major law firm sets Australia's government and elites scrambling\r\nMore recently, other extortionists have become more personal in their threats, especially as they increasingly\r\ntarget hospitals and other healthcare organizations entrusted with protecting very sensitive and private\r\ninformation.\r\nIn February, BlackCat broke into an American healthcare provider — Lehigh Valley Health Network (LVHN) —\r\nand stole images of patients undergoing radiation oncology treatment along with other health records belonging to\r\nmore than 75,000 people before posting at least some of that data online.\r\nhttps://www.theregister.com/2023/06/22/blackcat_ransomware_plastic_surgery_clinic/\r\nPage 1 of 2\n\nA cancer patient whose nude medical photos and records were shared sued LVHN for allowing the \"preventable\"\r\nand \"seriously damaging\" leak.\r\nIf the gang's latest claims turn out to be true, and BlackCat did steal patient photos and protected health info\r\nbelonging to Beverly Hills Plastic Surgery's clients, we'd expect to see similar lawsuits in the near future. ®\r\nSource: https://www.theregister.com/2023/06/22/blackcat_ransomware_plastic_surgery_clinic/\r\nhttps://www.theregister.com/2023/06/22/blackcat_ransomware_plastic_surgery_clinic/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.theregister.com/2023/06/22/blackcat_ransomware_plastic_surgery_clinic/"
	],
	"report_names": [
		"blackcat_ransomware_plastic_surgery_clinic"
	],
	"threat_actors": [
		{
			"id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b",
			"created_at": "2022-10-25T16:07:23.303713Z",
			"updated_at": "2026-04-10T02:00:04.530417Z",
			"deleted_at": null,
			"main_name": "ALPHV",
			"aliases": [
				"ALPHV",
				"ALPHVM",
				"Ambitious Scorpius",
				"BlackCat Gang",
				"UNC4466"
			],
			"source_name": "ETDA:ALPHV",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BlackCat",
				"GO Simple Tunnel",
				"GOST",
				"Impacket",
				"LaZagne",
				"MEGAsync",
				"Mimikatz",
				"Munchkin",
				"Noberus",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"WebBrowserPassView"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434285,
	"ts_updated_at": 1775791779,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/71ce520fb00ce6ca39d6569f707d317cd0c87e32.pdf",
		"text": "https://archive.orkl.eu/71ce520fb00ce6ca39d6569f707d317cd0c87e32.txt",
		"img": "https://archive.orkl.eu/71ce520fb00ce6ca39d6569f707d317cd0c87e32.jpg"
	}
}