Data Breach Lawsuit Against Manhattan Plastic Surgeon

A class action lawsuit has emerged against a prominent plastic surgeon in Manhattan, alleging that numerous patients had their nude photographs and Social Security numbers posted online without any notification from the doctor or authorities.

According to the lawsuit, Dr. Richard Swift’s office, located on the affluent Upper East Side, fell victim to a malware attack last year, resulting in sensitive data about at least 22 patients being stored on a Russian-hosted website.

Linda Kutouna, one affected client, revealed that images taken during a consultation were hacked and shared online. She discovered this only after the hackers reached out to her directly, which was understandably alarming.

Kutouna, who approached Swift’s office in 2023 regarding breast implant removal, described the entire episode as “traumatic” and “humiliating.” She expressed her disappointment, saying, “He just didn’t want to take any responsibility, he didn’t acknowledge it… I think reassurance would have been the least we could ask for.” Unfortunately, that reassurance never came.

The lawsuit points fingers at Swift’s “inadequate protection of its computer systems,” claiming he failed to fulfill his legal obligation to inform patients about the data breach.

Additionally, the lawsuit asserts that Swift did not respond to multiple requests for information from Kutouna, which may deepen the grievances.

Attorney Daniel S. Zulkiewicz further stated that Swift neglected to inform Attorney General Letitia James’ office of the breach, as legally required. Confirmation from James’ office supports this assertion.

Kutouna shared that the initial consultation involved requests to email nude images for assessment. After scheduling surgery to remove her implants, she eventually canceled due to relocating out of state.

In July 2025, she reportedly received an email stating, “Your photo from Richard Swift, MD, has been published,” which included the same nude images previously sent, along with a link to a now-offline site containing other patients’ private information.

The site allegedly revealed personal details like names, Social Security numbers, and sensitive medical data, leading Kutouna to feel overwhelmed and fearful, “once these images and personal information are out there, you don’t know who has it or how it will be used,” she noted.

While the site started with 16 patient files, it quickly ballooned to 22, as per the court documents.

Swift’s attorneys argued in their filing that Kutouna had never established a doctor-patient relationship with Swift and claimed there was no promise of notifying her about data breaches—thus, no “practical deception” involved.

When approached for comment, Swift’s office hung up immediately without providing a response. In contrast, another surgeon criticized Swift’s claims as “totally absurd,” asserting that a consultation does create a doctor-patient relationship.

Kutouna mentioned that she had reached out to Swift’s office twice for clarity on the potential breach, but received no reply. Other victims she spoke to complained of similar silence regarding the breach.

Attorney Szarkiewicz lamented that Swift’s failure to communicate had caused significant harm, emphasizing the lack of support from the surgeon despite patients’ pleas.

Kutouna expressed frustration that the site remained active until mid-September. She believes Swift attempted to avoid responsibility, saying, “We think he was basically going to kick the can down the street for as long as he could.” She concluded that mishandling sensitive information undermines trust in a profession where protection should be paramount.