"We recently became aware that an unknown individual had deliberately bypassed our website security, gaining access to information from initial website enquiries in an attempt to extort money from the company," company chairman Peter Boddy shared in a statement mailed to the company's clients.
He reassured them that no clinical and financial information has been compromised, but their name, date of birth, email address, and phone number have been accessed.
"The police and the information commissioner were notified and we contacted everyone whose inquiry may have been accessed to apologise and to reassure them that all clinical and financial records remain totally secure. We have taken action to further strengthen the security around website inquiries," he added.
They have not shared how the breach happened, but apparently Russian hackers might be behind it.
The information the attackers lifted could not only be used to extort money from the company, but also from the individuals that sought the consultation - the possibility that they are well moneyed and interested in keeping these procedures secret is high.
I wonder if the attackers have already started doing that.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.