Database leak exposed 900K plastic surgery records with nude photos

Leaked images, many of them graphic nude photos, were from imaging firm NextMotion in France

Internet security researchers found an insecure (but now secured) database online that contained about 900,000 records belonging to potentially thousands of different plastic surgery patients. The exposed data included photos of the patients’ nude bodies, and lots of other personally identifying information.


Here is the research claim, published by VPN Mentor on February 14, today, Valentine’s Day:
Report: 1,000s of Plastic Surgery Patients Exposed in Massive Data Leak


Reports Laura Hautala at CNET:

The data was generated at clinics around the world using software made by French imaging company NextMotion. Images in the database included before-and-after photos of cosmetic procedures. Those photos often contained nudity, the researchers said. Other records included images of invoices that contained information that would identify a patient. The database is now secured.

Researchers Noam Rotem and Ran Locar found the exposed database. They published their research with vpnMentor, a security website that rates VPN services and earns commissions when readers make purchases. Rotem said he sees exposed health care databases all too often as part of his web-mapping project, which looks for exposed data.

“The state of privacy protection, especially in health care, is really abysmal,” Rotem said.

NextMotion responded to the report with a statement from CEO Emmanuel Elard. An excerpt: “We immediately took corrective steps and this same company formally guaranteed that the security flaw had completely disappeared. This incident only reinforced our ongoing concern to protect your data and your patients’ data when you use the Nextmotion application.”

Elard apologized for the “fortunately minor incident.”

Read more: Plastic surgery images and invoices leak from unsecured database
[Reporting by Laura Hautala, CNET, February 14, 2020 8:28 AM PST]

[via techmeme.com]