A cosmetic software service company has leaked thousands of patient photos, videos and invoices in an unsecured database, security researchers said Thursday. Thousands of pictures, videos and records of cosmetic surgery patients are kept in an unsecured database that anyone with the correct IP address can access. The data include about 900,000 records. The researchers say the records may belong to thousands of different patients.
The data was generated by clinics around the world using software from NextMotion, a French imaging company. The images in the database include photos taken before and after cosmetic surgery. The researchers say the records, including images containing nudity and invoices, can be used to identify patients. It is reported that the database is still safe.
Researchers Noam Rotem and Ran Locar found the exposed database.
“The state of privacy protection, especially in health care, is a terrible one,” Rotem said. NextMotion says on its website that it has 170 clinic clients in 35 countries. In a statement to customers, the company said it had resolved the issue.
“We took immediate corrective action to ensure that the security breach has completely disappeared,” NextMotion CEO Emmanuel Elard said in a statement. “This incident will only reinforce our ongoing interest in protecting your data and your patient data.”
While NextMotion says the photos and videos do not include names or other identifying information, many of the images show the patient’s face, according to media reports. Some invoices detail the type of surgery the patient received, such as acne removal, scar treatment and abdominal plastic surgery, and contain the patient’s name and other identifying information.
The breach is the latest exposure of data in an unsecured cloud database, a global issue affecting a range of sensitive information. Leaked databases have revealed the records of drug addicts in the United States, the national identity numbers of Peruvian moviegoers, and the expected salaries of job seekers around the world. The problem stems from the company’s transfer of customer data to the cloud without appropriate privacy protocols. The researchers say the incident affected numerous databases.
“It’s not clear how many patients’ information is exposed in the NextMotion database because each patient may have multiple records in the system,” Mr. Rotem said. The leak could involve thousands of patients.
NextMotion’s website says its servers in France provide a “safe medical cloud” to store records for beauty clinics around the world.