CybersecuritySecurity NewswireCybersecurity News

900,000 Files Exposed by Plastic Surgery Technology Provider NextMotion

healthcare-screen
February 20, 2020

Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a breached database belonging to plastic surgery technology company NextMotion. 

Based in France, NextMotion provides clinics working in dermatology, cosmetic, and plastic surgery with digital photography and video devices for their patients. The company was established in 2015 by a team of plastic surgeons and has grown rapidly: It achieved a global presence in 2019, with 170 clinics worldwide in 35 countries. 

The compromised database contained 100,000s of profile images of patients, uploaded via NextMotion’s proprietary software. These were highly sensitive, including images of patients’ faces and specific areas of their bodies being treated, says the vpnMentor report. 

NextMotion was using an Amazon Web Services (AWS) S3 bucket database to store patient image files and other data but left it completely unsecured, say the researchers. The team had access to almost 900,000 individual files, which included highly sensitive images, video files, and paperwork relating to plastic surgery, dermatological treatments, and consultations performed by clinics using NextMotion’s technology.

The private personal user data the researchers viewed included:

  • Invoices for treatments
  • Outlines for proposed treatments
  • Video files, including 360-degree body and face scans
  • Patient profile photos, both facial and body

The origins of the photos and files within the database were not clear at the time of writing, as there’s little information attached to them. This leak possibly affected NextMotion clients (and their patients) around the world, note the researchers. The exposed paperwork and invoices also contained Personally Identifiable Information (PII) data of patients, which can be used to target people in a wide range of scams, fraud, and online attacks. NextMotion’s database posed a real risk to the people exposed, with wide-ranging privacy and security implications for all those involved, warn the researchers. 

For more information, visit vpnMentor's report

 

 

KEYWORDS: cyber security cybersecurity data breach personally identifiable information (PII) technology

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Related Articles

Related Products

See More ProductsSee More Products

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!