A plastic surgery software service leaked thousands of patient photos, videos and invoices on an unsecured database, security researchers said Thursday. This stock photo didn’t come from that exposure.
Thousands of images, videos and records pertaining to plastic surgery patients were left on an unsecured database where they could be viewed by anyone with the right IP address, researchers said Friday. The data included about 900,000 records, which researchers say could belong to thousands of different patients.
The data was generated at clinics around the world using software made by French imaging company NextMotion. Images in the database included before-and-after photos of cosmetic procedures. Those photos often contained nudity, the researchers said. Other records included images of invoices that contained information that would identify a patient. The database is now secured.
Researchers Noam Rotem and Ran Locar found the exposed database. They published their research with vpnMonitor, a security website. Rotem said he sees exposed health care databases all too often as part of his web-mapping project, which looks for exposed data.
“The state of privacy protection, especially in health care, is really abysmal,” Rotem said.