CYBER SECURITY: 1,000s of Plastic Surgery Patients Exposed …

CYBER SECURITY: 1,000s of Plastic Surgery Patients Exposed in Massive Data Leak Led by Noam Rotem and Ran Locar, vpnMentor’s research team recently discovered a breached database belonging to plastic surgery technology company NextMotion. NextMotion provides clinics working in dermatology, cosmetic, and plastic surgery with digital photography and video devices for their patients. The compromised database contained 100,000s of profile images of patients, uploaded via NextMotion’s proprietary software. These were highly sensitive, including images of patients’ faces and specific areas of their bodies being treated. This breach made NextMotion, its clients, and their patients incredibly vulnerable and represented a significant lapse in the company’s data privacy policies. Based in France, NextMotion was established in 2015 by a team of plastic surgeons to offer clinics: “digital & cutting edge technology tools that will help solve the before & after imaging issues, reassure your patients, simplify your data management and improve your e-reputation.” The company has grown rapidly. It achieved a global presence in 2019, with 170 clinics worldwide in 35 countries, and a €1m investment for further global expansion. Sometimes, the extent of a data breach and the owner of the data are obvious, and the issue quickly resolved. But rare are these times. Most often, we need days of investigation before we understand what’s at stake or who’s leaking the data. Understanding a breach and its potential impact takes careful attention and time. We work hard to publish accurate and trustworthy reports, ensuring everybody who reads them understands their seriousness. Some affected parties deny the facts, disregarding our research, or playing down its impact. So, we need to be thorough and make sure everything we find is correct and accurate. In this case, the database was named after the company, so we quickly identified NextMotion as the potential owner. We investigated further to ensure this was correct before moving forward. You can click her to read/download the full report Meanwhile Data Leaks in the Medical Industry Continue. Chase Williams at Wizcase has reported to GEO´ that after their previous report on database leaks from medical websites around the world, WizCase’s security team diligently continued their research. They discovered 3 additional unsecured medical databases with confidential information, including full names, passport numbers, birth dates, addresses, and phone numbers. These databases were found in the context of performing research to help companies secure their data. They were left unencrypted and required no password to access the sensitive information within. Every company and their hosting provider has been contacted with the security team’s findings. Our goal is to inform them of the leaks so they can secure the exposed servers, protecting their patients’ private information. You can click her to read/download the full report Syndicated By Iain Fraser – Editor-at-Large City of London Newsroom