Dr. Kristin Tarbet's Plastic Surgery Center

Dr. Kristin Tarbet's Plastic Surgery Center operates within the United States, providing specialized plastic surgery services. Its core activities involve patient consultations, surgical procedures, and associated clinical care. The practice handles highly sensitive patient information integral to its operations, including protected health information and detailed medical histories. This encompasses patient names, dates of birth, specific treatment details, and clinical measurements. Furthermore, the organization manages critical administrative functions such as appointment scheduling, insurance processing, and financial transactions. Payment processing systems and associated credentials form part of its operational infrastructure. The scope of its services directly involves managing extensive personal and medical data for its patient base.

The organization experienced a significant cybersecurity incident in May 2020 involving the Maze ransomware group. Despite the group's prior declaration of a moratorium on attacking healthcare entities, they successfully breached the plastic surgery center's systems. This breach resulted in the exfiltration of substantial volumes of sensitive corporate and patient data. Compromised information included detailed patient medical histories, treatment specifics, insurance records, contact information, and some Social Security numbers. Critical financial system credentials were also stolen. The attackers subsequently leaked this extensive dataset, which spanned multiple files containing clinical notes and appointment logs. This incident highlighted vulnerabilities within the practice's security posture and demonstrated the exposure of highly confidential patient records, potentially impacting thousands of individuals associated with the center.