An unsecured database causes 900,000 patient records to be leaked.

Share on facebook
Share on twitter
Share on reddit
Share on linkedin
Share on email
An unsecured database causes 900,000 patient records to be leaked.

NextMotion, a french imaging company, had an enormous amount of media files and documents about plastic surgery patients in a database unsecured, where those with a valid IP address could access them. The data contained some 900,000 records that could belong to thousands of different patients, according to researchers.

Photos of cosmetic procedures featured before-and-after images in the collection. Researchers said those images also featured nudity. Individual documents contained photos of invoices containing information that would describe a patient. NextMotion took immediate steps to make sure the database is secured.

An unsecured database causes 900,000 patient records to be leaked.

The exposed database was discovered by researchers Noam Rotem and Ran Locar. Rotem said that he all too often sees exposed health care databases as part of his web-mapping project, which searches for exposed data.

NextMotion, which claims to have 170 clinics as customers in 35 countries on its website, said it had addressed the problem in a letter to its clients.

“We immediately took corrective steps, and this same company formally guaranteed that the security flaw had completely disappeared,” said NextMotion CEO Emmanuel Elard in the statement. “This incident only reinforced our ongoing concern to protect your data and your patients’ data when you use the Nextmotion application.”
Elard went to apologize for the “fortunately minor incident.”

Although NextMotion said the photos and videos do not include names or other identifying information, many of the images show the faces of patients, according to vpnMonitor. Some of the invoices detail the types of operations which patients have undergone, such as extraction of acne scars and abdominoplasty, and include patient names and other identification details.

The leak is the latest leakage on data from an unsecured cloud server, a global issue involving a variety of sensitive information. Exposed databases have leaked records of drug rehabilitation patients in the US, Peruvian filmmakers ‘ national identity numbers, and the expected salaries of job seekers worldwide. The concern is that businesses move their customer data into the cloud without adequate privacy protocols in place. This affects many systems, say the researchers.

An unsecured database causes 900,000 patient records to be leaked.

Subscribe to our weekly newsletter!

Get news in your mailbox- Tips and tricks in marketing, tech, compliance and latest in practice management.
Unsubscribe anytime.

stay informed!

Subscribe to receive exclusive content and notifications