Austin Plastic Reconstructive Surgery Hit by Ransomware Attack, Exposing Sensitive Patient Data
Austin Plastic & Reconstructive Surgery, a Texas-based medical practice specializing in reconstructive and cosmetic procedures, confirmed a data breach after detecting unauthorized network access on February 28, 2026. The intrusion occurred between June 30 and July 1, 2025, with the ransomware group ThreeAM claiming responsibility and later posting about the breach on the Tor network on August 10, 2025.
An investigation revealed that hackers accessed or exfiltrated files containing sensitive patient information, including:
- Names, addresses, and dates of birth
- Financial account details
- Government-issued IDs (driver’s licenses, passport numbers)
- Social Security numbers
- Health insurance and medical records
The clinic, which serves breast cancer reconstruction patients and cosmetic surgery clients, began notifying affected individuals on March 11, 2026. The breach exposed data from a limited number of files, though the full scope of impacted patients remains unclear. Law firm Shamis & Gentile P.A. is currently investigating potential legal claims for those affected.
Austin Plastic & Reconstructive Surgery operates in Austin, Texas, with a team of 16 professionals led by Dr. Christine Fisher. The practice is known for its patient-centered approach and in-house MedSpa services.
Source: https://www.claimdepot.com/investigations/austin-plastic-reconstructive-surgery-data-breach-2026
Restora Austin Plastic Surgery, Skin & Laser Centre cybersecurity rating report: https://www.rankiteo.com/company/restora-austin-plastic-surgery-skin-&-laser-centre
"id": "RES1774391898",
"linkid": "restora-austin-plastic-surgery-skin-&-laser-centre",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Austin, Texas, USA',
'name': 'Austin Plastic & Reconstructive Surgery',
'size': '16 professionals',
'type': 'Medical Practice'}],
'attack_vector': 'Unauthorized network access',
'customer_advisories': 'Notified affected individuals on March 11, 2026',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Addresses',
'Dates of birth',
'Financial account details',
'Government-issued IDs',
'Social Security numbers',
'Health insurance and medical '
'records']},
'date_detected': '2026-02-28',
'date_publicly_disclosed': '2026-03-11',
'description': 'Austin Plastic & Reconstructive Surgery confirmed a data '
'breach after detecting unauthorized network access on '
'February 28, 2026. The intrusion occurred between June 30 and '
'July 1, 2025, with the ransomware group ThreeAM claiming '
'responsibility and later posting about the breach on the Tor '
'network on August 10, 2025. Hackers accessed or exfiltrated '
'files containing sensitive patient information, including '
'personal, financial, and medical data.',
'impact': {'data_compromised': 'Sensitive patient information, including '
'personal, financial, and medical data',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential legal claims under investigation',
'payment_information_risk': 'High'},
'investigation_status': 'Ongoing',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'ThreeAM'},
'references': [{'date_accessed': '2025-08-10',
'source': 'Tor network post by ThreeAM'}],
'regulatory_compliance': {'legal_actions': 'Potential legal claims under '
'investigation by Shamis & Gentile '
'P.A.',
'regulations_violated': ['HIPAA']},
'response': {'communication_strategy': 'Notified affected individuals on '
'March 11, 2026'},
'threat_actor': 'ThreeAM',
'title': 'Austin Plastic Reconstructive Surgery Hit by Ransomware Attack, '
'Exposing Sensitive Patient Data',
'type': 'Ransomware'}