Patients of a Beverly Hills plastic surgeon are taking legal action against him for failing to disclose two separate incidents where his patient information database was hacked and personal information, including nude photos of patients, was posted online. The surgeon in question, Dr. Jaime Schwartz, is accused of not implementing industry-standard security measures to protect patient information and misleading patients about the extent of the breaches.
According to the class action lawsuit, Dr. Schwartz’s patient database was first hacked in October of 2023, with hackers exfiltrating a significant amount of data, including nude photos of patients with their faces visible. Despite being notified of the breach, Dr. Schwartz allegedly did not take immediate action and refused to pay the ransom demanded by the hackers. Subsequently, the hackers posted additional updates online, including more stolen patient information.
The lawsuit claims that Dr. Schwartz failed to notify his patients of the breach until some of them discovered their information online. When confronted by a patient about the hack, a person claiming to be in charge of cybersecurity for Dr. Schwartz, believed to be the surgeon’s brother, assured the patient that only six people were affected by the breach and that her data was not compromised. However, the lawsuit alleges that Dr. Schwartz did not take adequate measures to secure his network and prevent future cyberattacks.
The medical community has been increasingly targeted by hackers seeking to exploit patient data for extortion and identity theft. Plastic surgeons, in particular, have become prime targets due to the sensitive nature of the information they possess, including medical records and photographs. The lawsuit highlights the vulnerability of plastic surgeons to cyberattacks and the importance of implementing robust security measures to protect patient privacy.
Despite the prevalence of data breaches in the healthcare industry, the lawsuit alleges that Dr. Schwartz did not learn from the first hack and failed to secure his network effectively. In March of 2024, the surgeon was allegedly hacked again, resulting in the compromise of all patient data. The plaintiffs claim that Dr. Schwartz neglected to notify patients promptly after the second breach and only did so after the hackers publicly announced the hack and leaked sensitive information.
The lawsuit seeks damages of up to $3,000 per violation per person, totaling more than $5 million, as well as a potential jury trial. Despite the accusations against him, Dr. Schwartz’s office has not provided a response to the allegations.
The case serves as a cautionary tale for healthcare providers about the importance of safeguarding patient information and taking proactive measures to prevent data breaches. As cyber threats continue to evolve, healthcare professionals must remain vigilant in protecting patient privacy and upholding ethical standards in the digital age.