AZ Plastic Surgery Center

AZ Plastic Surgery Center operates as a plastic surgery practice located in Arizona, with its headquarters situated in the United States of America. The facility provides a range of cosmetic and reconstructive surgical procedures aimed at improving appearance and restoring function. Its clientele includes individuals seeking elective aesthetic enhancements as well as patients requiring medically necessary reconstructive interventions. The center has been noted for treating high‑profile clients, including celebrities, which has contributed to its recognition within the specialty. Services are delivered in accordance with standard medical practice for plastic surgery. The practice operates as an outpatient center where patients undergo procedures and receive postoperative care in a clinical setting. While the exact number of treatment rooms or staff members is not disclosed in the available sources, the organization’s focus remains on surgical specialty care.

In December 2018, the center experienced a cybersecurity breach when the hacking group TheDarkOverlord infiltrated its network and exfiltrated sensitive patient information. The compromised data encompassed names, addresses, medical records, identification documents, pre‑operative photographs, and extensive medical dictations. According to the breach notification, approximately 5,500 patients were informed that their personal details might have been exposed. The attackers leaked a sample archive containing hundreds of files to demonstrate the extent of the theft. They attempted to extort money from the practice by threatening to release compromising pre‑operative images and patient details. The center refused to meet the ransom demands and chose instead to report the incident to authorities. No confirmed misuse of the stolen data was reported at the time of the public disclosure.

Upon discovering the intrusion, the practice promptly reported the incident to law enforcement agencies and federal health authorities, including the Department of Health and Human Services. The center also undertook direct notification of affected individuals in line with HIPAA breach‑response requirements. Its response highlighted a commitment to regulatory compliance and patient transparency despite the pressure to pay a ransom. The incident underscored the vulnerability of healthcare providers to targeted cyber threats seeking to monetize protected health information. Consequently, the case is frequently cited in discussions about cybersecurity risk management for outpatient surgical centers. The breach prompted the organization to review and strengthen its information security controls, although specific post‑incident measures are not detailed in the public record. Overall, the episode serves as a reminder of the importance of safeguarding patient data in specialized medical practices.