Other leaked records include videos, facial and body scans, as well as a range of patients’ personal data
Hundreds of thousands of records belonging to plastic surgery patients have been discovered sitting on an unprotected server and accessible for anyone to view. The records were stored on an Amazon Web Services (AWS) S3 bucket database belonging to NextMotion, a plastic surgery technology company that provides imaging solutions to clinics around the world.
Researchers at vpnMentor, who uncovered the leak, were able to access some 900,000 individual records. These ranged from before-and-after images and videos of cosmetic procedures to records of a highly sensitive nature, including graphic photos of the patients’ private body parts. The origin of the records in the database is not clear but it can be assumed that the leak affected NextMotion clients.
Besides patient facial and body photos, the trove of information included invoices, outlines of proposed treatments, and video files including 360-degree face and body scans. The invoices detailed the medical procedures, their costs, dates when they were performed, and personal information that could help identify patients.
All things considered; the data could allow hackers with malicious intent to create a comprehensive portrait of their potential victims. The patients could then easily become targets of identity theft, phishing, financial fraud or even sextortion, where criminals use intimate material to demand a ransom.
NextMotion CEO Dr. Emma ..
Support the originator by clicking the read the rest link below.
