Texan plastic surgeon notifies 32K people of data breach that leaked medical info and patient images

Vitenas Cosmetic Surgery is notifying 31,852 people of a February 2025 data breach that exposed Social Security numbers and health information. Ransomware gang Kairos claimed the attack after allegedly stealing 734 GB of data. Images of patients were included in its proof pack.

In its notification, Vitenas confirms that: “On or about February 26, 2025, we detected we were the target of a data security incident. An unauthorized third party attempted to infiltrate our computer network.” On March 5, Kairos added the plastic surgery clinic to its data leak site and included nude patient photos within some of the leaked data.

DataBreaches.net spoke to Kairos earlier this month and was told the ransomware group had gained access to Vitenas through a “simple brute force attack.” It also alleged that the IT department “knew for sure” that it had been hacked and that negotiations with Dr. Vitenas had been ongoing for a month.

Vitenas hasn’t confirmed Kairos’ claims, whether or not a ransom was demanded, or how much the ransom was. Comparitech has contacted the clinic for more information and will update this article if it responds. Vitenas is offering those affected 12 months’ access to credit monitoring services via TransUnion.

Who is Kairos?

Kairos is a relatively new ransomware group that first started adding victims to its data leak site in November 2024 having been active from July 2024. Since then, it’s added 30 victims to its data leak site with this attack on Vitenas being the first confirmed attack.

Healthcare companies appeared to be a focus for the group when it first emerged, with other victims including Clay Platte Family Medicine Clinic and Sunny Days Sunshine Center. Clay Platte confirmed it had suffered a cyber attack in June 2024, while Sunny Days noted internet and phone disruptions in July. Neither of these attacks have been confirmed as ransomware yet, however.

Subsequent claims from the group have included varied victims from government entities and schools to finance organizations and construction companies.

Ransomware attacks on the US healthcare sector

Throughout 2025 so far, we’ve noted 14 attacks on the US healthcare sector. These attacks have affected over 224,000 records, with the biggest breach being on Central Texas Pediatric Orthopedics where over 140,000 are now confirmed to have been affected. Qilin claimed this attack from January 2025.

Loretto Hospital has also confirmed that patients were impacted in an attack in January 2025, which was claimed by RansomHouse. The total number of people affected remains unknown but a placeholder of 501 has been added to the OCR data breach tool. Kidney dialysis firm DaVita Inc. is also grappling with an attack on its systems this week, but no ransomware gangs have claimed this attack as of yet.

All of the above attacks demonstrate the widespread impact ransomware can have on healthcare companies, from the disruption they cause when systems are encrypted to the ongoing effects of a data breach as a result of the attack.

Our data also highlights the ongoing threat of ransomware for healthcare companies with 160 attacks confirmed in 2024 and 167 confirmed in 2023–the two highest years since we began reporting on these attacks in 2018.

We are also monitoring 78 unconfirmed attacks claimed by various groups this year so far.

About Vitenas Cosmetic Surgery

Located in Houston, Texas, Vitenas Cosmetic Surgery was founded in 1990 by plastic surgeon Dr. Paul Vitenas.