According to research reports, thousands of images, videos and files related to patients who have undergone plastic surgery have been discovered in an unreliable database that anyone with the right IP address could access. The data they contain 900.000 records, which researchers say could belong to thousands of different patients.
The data comes from clinics from all over the world. The pictures included in archives depict people before and after surgery and often contained nude photos. In addition they included invoice details from which one could identify one of the patients. However the database is now safe.
Researchers Noam Rotem and Ran Locar were the ones who discovered the exposed database. They posted it research them on the vpnMonitor security site.
NextMotion, which states on its website that it has 170 clinics as clients in 35 countries, told its clients that it had encountered the problem. "We immediately took corrective steps and the company itself officially guarantees that defect security was fully addressed, "said NextMotion CEO Emmanuel Elard. Elard also apologized for the "fortunately limited incident".
While NextMotion said there was no information such as names and other identifiers in the database, many of the images show the faces of patients, according to vpnMonitor. Also, some of the invoices describe in detail the types of procedures that patients have undergone, such as scar removal or abdominal surgery, and contain patient names and other identifying information.
Η leakage comes after others that have been carried out in databases that have led to the exposure of personal data of patients and other citizens. The problem emanates from companies moving their customer data to in cloud, without having the proper privacy protocols installed.
NextMotion's website states that it provides a "safe medical cloud" for storing cosmetic surgery files from around the world.