CYBER SECURITY: 1,000s of Plastic Surgery Patients Exposed in Massive Data Leak
Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a breached
database belonging to plastic surgery technology company NextMotion.
NextMotion provides clinics working in dermatology, cosmetic, and plastic surgery with
digital photography and video devices for their patients.
The compromised database contained 100,000s of profile images of patients, uploaded via
NextMotion’s proprietary software. These were highly sensitive, including images of patients’
faces and specific areas of their bodies being treated.
This breach made NextMotion, its clients, and their patients incredibly vulnerable and
represented a significant lapse in the company’s data privacy policies.
Based in France, NextMotion was established in 2015 by a team of plastic surgeons to offer clinics:
“digital & cutting edge technology tools that will help solve the before & after imaging issues,
reassure your patients, simplify your data management and improve your e-reputation.”
The company has grown rapidly. It achieved a global presence in 2019, with 170 clinics worldwide in
35 countries, and a €1m investment for further global expansion.
Sometimes, the extent of a data breach and the owner of the data are obvious, and the issue quickly
resolved. But rare are these times. Most often, we need days of investigation before we understand
what’s at stake or who’s leaking the data.
Understanding a breach and its potential impact takes careful attention and time. We work hard to
publish accurate and trustworthy reports, ensuring everybody who reads them understands their
Some affected parties deny the facts, disregarding our research, or playing down its impact.
So, we need to be thorough and make sure everything we find is correct and accurate.
In this case, the database was named after the company, so we quickly identified NextMotion as
the potential owner. We investigated further to ensure this was correct before moving forward.
You can click her to read/download the full report
Meanwhile Data Leaks in the Medical Industry Continue. Chase Williams at Wizcase has reported
to GEO´ that after their previous report on database leaks from medical websites around the world,
WizCase’s security team diligently continued their research. They discovered 3 additional
unsecured medical databases with confidential information, including full names, passport
numbers, birth dates, addresses, and phone numbers.
These databases were found in the context of performing research to help companies secure
their data. They were left unencrypted and required no password to access the sensitive
Every company and their hosting provider has been contacted with the security team’s findings.
Our goal is to inform them of the leaks so they can secure the exposed servers, protecting their
patients’ private information.
You can click her to read/download the full reportSyndicated By Iain Fraser – Editor-at-Large
City of London Newsroom
Broadcasting Daily from Gibraltar Newsroom our dedicated desk editors and newsdesk team of Professional Journalists and Staff Writers work hand in hand with our established network of highly respected Correspondents & regional/sector specialist Analysts strategically located around the Globe (HUMINT) Our individual Desk Editors all have specific subject authority as Journalists, Researchers and Analysts covering AI, Autonomous Transport, Banking & Finance Technology, Cybersecurity, GeoCrime, Defence 3.0, Energy & Renewables, BioEconomy and Transport & Logistics.
Contact the NewsTeam at [email protected]
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
Analytics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
Cookies are small text files that can be used by websites to make a user's experience more efficient. The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission. This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.