The famous Beverly Hills plastic surgeon who appeared in television shows such as “Botched” and “The Doctors” is being sued by a patient who alleges that the nude photos were published online after they were hacked. Notify you of a data breach.
Eight patients filed a class action lawsuit earlier this month, and Dr. Jaime Schwartz failed to maintain proper cybersecurity despite multiple warnings, which resulted in highly sensitive information being stolen and posted online.
Schwartz’s office did not respond to requests for comment this week.
The hacked data allegedly included the patient’s name, phone number, home address, and its driver’s license, insurance, credit card and medical information. Photos and videos of nude and partially dressed patients have also been hacked, including images of patients undergoing surgery under anesthesia.
Schwartz failed to notify patients in a timely or appropriate manner to the first hack in September 2023 or subsequent initial hacks or subsequent patients, or to address the weaknesses of security between the cases, the lawsuit states. It states.
He only notified patients in January this year, according to the complaint. The lawsuit alleges that he failed to provide necessary notice to the California Attorney General’s Office or the state health and human services agency.
“Even though he knew that his patients’ most private medical data was in the hands of malicious actors, Dr. Schwartz had waited almost ten months to notify them.” The complaint states. “Finally, after nude photos and home addresses started being posted online, anyone with an internet connection can access it.
The lawsuit leaves patients vulnerable to identity theft, causing serious reasons for “humiliation, shock, worry, anxiety” when information or photos have been posted online or already posted. It claims to have caused emotional distress.
The compensatory and punitive damages plaintiffs seeking will likely be in “tens of millions of dollars,” their lawyer, Damion Robinson, said.
The plaintiffs, Schwartz, a well-known plastic surgeon with over 189,000 followers on Instagram and offices in Beverly Hills and Dubai, had warned him of the need to protect his client’s data, but to ensure the network was secured. They claim that they were unable to take the necessary measures.
“Dr. Schwartz and others in the medical field, as well as others in the specific field, have been warned over the years by government agencies and specialized organizations. They have given sensitive patient data for ransom and terror. They say they are targeted by hackers they seek,” the complaint states.
Over the past few years, hackers have targeted plastic surgery practices as they use sensitive data they store to promote identity theft and attempt to force doctors and patients.
A report published in 2019 was American Medical Assn. It noted that 83% of doctors experienced some form of cyberattack and characterized cybersecurity as a “patient safety issue.”
According to a report by databreaches.net, there were at least 13 publicly reported cyberattacks on plastic surgery practices between 2017 and 2023. In 2023, the FBI issued a public service announcement that criminals are targeting the Office of Plastic Surgery to harvest personally identifiable information. Sensitive medical records are sometimes sensitive photographs. It’s about including the following.”
Hackers have so far released personal information about 30 Schwartz patients, the lawsuit claims, and threatens to continue doing so until they receive the ransom.
The lawsuit states that after the initial hack was reported online, a small number of patients contacted Schwartz, stating that only a limited number of patients were affected and information from other patients is safe.
After the second data breaches in March 2024, hackers announced their actions and created a public website to share patient photos and data. According to the complaint, Schwartz did not notify patients until January.
“Our office discovered on June 27, 2024 that an unauthorized third party used the credentials of a third party vendor to access the practice medical billing and practice management system. Upon discovering the incident, we worked with a specialized third-party forensic incident response company, conducted a forensic investigation and determined the degree of compromise. The investigation stated that the data was obtained without permission. Determined. After the electronic discovery ended on January 2, 2025, a portion of your personal information was determined to be present in the affected data set. Then, you will notify you of the incident as soon as possible. We have taken steps to do so.”
Source link
