Dozens of patients of a premier Manhattan plastic surgeon had their hacked nude images and social security numbers posted online — and the doctor failed to notify both his clients and the authorities, according to a class action lawsuit.
Dr. Richard Swift’s office, located on the monied Upper East Side, was hacked in an alleged malware attack last year, with a Russian-hosted website featuring sensitive information of at least 22 patients, the suit claims.
Linda Qutawna was one of the clients, alleging that images of her breasts as part of a consultation were hacked and published online — and she only found out when the hackers reached out to her directly.
Qutawna, who first contacted Swift’s office in 2023 to remove breast implants, told The Post that the experience has been “traumatizing” and “humiliating.”
“He just didn’t want to take any accountability or acknowledge it, or even reassure us… That’s the bare minimum that we were looking for,” she said. “But he didn’t.”
The lawsuit blames Swift’s “inadequately protected computer systems” for the hack and alleges that the surgeon “failed to adhere to his statutory duty to alert his patients that his firm suffered from a data breach.”
The doc also “ignored repeated requests for information from [Qutawna],” court papers claim.
In addition, attorney Daniel S. Szalkiewicz alleged that Swift never informed Attorney General Letitia James’ office about the data breach, as required by law.
James’ office confirmed to The Post on Thursday that Swift has not reported any data breach.
Qutawna claims in the suit that she was told to send nude images of her “exposed breasts” to the office via email.
She then scheduled a surgery to remove the implants, but later canceled it prior to moving out of state.
In July 2025, an email arrived in Qutawna’s inbox with the subject line: “Your photos from Richard Swift MD have been published,” according to the suit.
The message contained three nude images she emailed the office two years earlier, and a link to a now-offline website.
That site also contained patient names, social security numbers, medical and financial information — and naked images of patients, including of their breasts and genitalia, Qutawna claims.
“I was terrified and overwhelmed,” she said, “because once those images and your identifying information are out there, you don’t know who has them or how they’ll be used.”
At first, the site had 16 patient files, but soon it grew to 22 individuals, according to the suit.
Lawyers for Swift insisted in a filing that “Linda Qutawna has never had a doctor-patient relationship, or any other form of relationship, with Dr. Swift.”
And because Swift never made a promise to notify her of any data breach, it was not “actionable deception” when she was left in the dark, attorney Justin Kelton said in the court papers.
When contacted by The Post, Swift’s office declined to comment — and promptly hung up.
However, another plastic surgeon told The Post that Swift’s claim is “total bulls–t.”
“A consultation establishes the doctor-patient relationship.”
Kelton did not respond to The Post’s repeated requests for comment.
Qutawna said she contacted Swift’s office twice to ask about a possible breach and what actions they were taking, but received no response.
Three other victims Qutawna spoke with said they had also not received any information about the breach, the suit alleges.
Szalkiewicz said Swift “caused immense harm” by not alerting patients.
“What’s worse is that the doctor then ignored pleas for help,” the attorney said.
The site wasn’t taken down until mid-September, Qutawna claimed.
“We think that he was basically just gonna kick the can down the road for as long as he could, and just pretend it never happened,” she said.
“When a doctor mishandles your most intimate information, it undermines the one place where you’re required to be vulnerable and trust that you’re going to be protected.”
Read the full article here
