On June 5th I reported to you about the data breach at a Lithuanian cosmetic surgery clinic and now we have learned about a similar, but significantly different data breach suffered by prominent Beverly Hills plastic surgeon Dr. Zain Kadri whose patients include people from many states and four countries.
The data breach, which law enforcement says, affects approximately 15,000 people includes tremendous amounts of data, information and documents including before and after surgery photographs, patient records, credit card information and patient contact information. It appears that Dr. Kadri’s practice was both electronically hacked and physically burgled by a person, who police say, was a former employee.
The patients victimized by this crime face blackmail, extortion and identity theft as a result of the data breach.
Medical practices continue to be a prime target for identity thieves because they are often quite vulnerable to cyberattacks, but as this case apparently shows, data breaches can be done through old fashioned burglaries as well and it is important for all entities that store personal data to take steps to secure data both physically as well as electronically and to limit access to such information to only such employees as have a need to have access to the information.
Unfortunately, there is little that we as consumers and patients can do other than to limit the amount of personal information we provide, as best we can. For example, your doctor does not need your Social Security number. We should also inquire of anyone or any entity that retains our personal information about what they do to secure that information.