It is unclear how many patients have been affected, but police say dozens have come forward to report being blackmailed.
The hackers obtained uncensored "before and after" photos of patients who underwent cosmetic procedures, the Lithuania-based Lrytas TV reported.
Victims have been told to pay up to €2,000 ($3,151) to guarantee nude images, passport copies, social security numbers and other data would not be made public.
The hackers had also demanded that the clinic pay €344,000 ($542,029) in ransom to prevent the data dumping - but it refused.
"Clients, of course, are in shock," said Jonas Staikunas, director of Grozio Chirurgija. "Once again, I would like to apologize.
"Cyber-criminals are blackmailers. They are blackmailing our clients with inappropriate text messages."
The unauthorised collection of personal data in Lithuania is punishable by up to three years in prison.
Police are working with security services in other European countries and have warned that people who download and store the stolen data could also be prosecuted.
The Grozio Chirurgija clinic opened in 2009 and boasts "caring staff and a cozy environment".
It says it is cooperating with authorities "to prevent the unauthorised processing of personal data".
On its website, it warned clients not to open or download anything sent by the blackmailers and to immediately inform the police of any suspicious texts or emails they have been sent.
