Urgent Patient Advisory – Please Read Carefully
Dear Current or Former Patients of Richard E Davis MD FACS:
I am dismayed to report that in early November of 2019, The Center for Facial Restoration, Inc. (TCFFR) located in Miramar, Florida (Richard E. Davis MD FACS), was the victim of a criminal cyberattack. On November 8, 2019, I received an anonymous communication from cyber criminals stating that my “clinic’s server (was) breached”. The hackers claimed to have “the complete patient’s data” for TCFFR that “can be publicly exposed or traded to third parties”. They demanded a ransom negotiation, and as of November 29, 2019, about 15-20 patients have since contacted TCFFR to report individual ransom demands from the attackers threatening the public release of their photos and personal information unless unspecified ransom demands are negotiated and met.
On November 12, 2019, I filed a formal complaint with the FBI Cyber Crimes Center and two days later met with the FBI where they recorded detailed information regarding the cyberattack and ransom demands. The investigation is currently ongoing. The FBI requests that patients receiving ransom demands file an independent cybercrime complaint online at www.ic3.gov. For my part, I have installed new hard drives, firewalls, and viral/malware detection software in hopes of reducing exposure to future cyberattacks, but no system is foolproof, and even the United States government with all its resources has been victimized repeatedly. While upgrading my defenses clearly won’t help those individuals whose data has already been stolen, there is reason to suspect that the theft of patient photographs may be limited to only a very small number of individuals – mostly those patients who used email to send or receive their photographs – so the upgrades may prove useful. However, personally identifiable information (PII) may have been stolen for up to 3,500 former or current patients of TCFFR. Because we store PII as the scan of the patient’s intake demographic questionnaire, and not in an electronic demographic database, obtaining contact information in order to individually notify all 3,500 patients has been painstakingly slow and labor intensive, and access to the data has been hindered by ongoing IT service disruptions. Consequently, as an interim notification measure, I have posted this advisory on my website pending individual notifications. Also, kindly disseminate this information to anyone else that you know is a patient of record at TCFFR.
I deeply regret that individuals currently or formally under my care have been victimized by this criminal act, and I urge you to monitor your financial information closely. A photocopy of your driver’s license (or passport for foreign nationals), home address, email address, telephone number(s), and insurance policy numbers (when applicable) were routinely kept on file for most patients, as well as credit card payment receipts (which typically reveal only the last 4 digits).
Please contact TCFFR at +1 (954) 442-5191 or at drd@DavisRhinoplasty.com for any questions regarding this unfortunate matter. I am sickened by this unlawful and self-serving intrusion, and I am truly very sorry for your involvement in this senseless and malicious act.
Richard E Davis MD FACS
The Center for Facial Restoration, Inc.,
1951 SW 172nd Ave., Suite 205, Miramar, Florida 33029