Photos and personal information belonging to patients of the NextMotion plastic surgery tech firm have been exposed online through an unsecured S3 bucket.
Hundreds of thousands of documents containing photos and personal information belonging to patients of the plastic surgery technology company NextMotion have been exposed online through an unsecured Amazon Web Services (AWS) S3 bucket.
NextMotion is a French plastic surgery tech company that provides imaging and patient management software that allows complete treatment records on an aesthetic patient.
The software is able to create before and after pictures and videos of patients during the treatment process.
“Nextmotion is an ecosystem based on a medical cloud that allows you to sort, store and access your data wherever you are,” states the company on its website.
“In that sense, all your data is covered with the highest requested security level as it is hosted in France on servers authorized by the Haute Autorité de Santé (French Health Authority) – in our case, AWS who is certified.”
The S3 bucket contained approximately 900,000 files, including highly sensitive patient images and videos, as well as plastic surgery, and consultation documents.
“The compromised database contained 100,000s of profile images of patients, uploaded via NextMotion’s proprietary software. These were highly sensitive, including images of patients’ faces and specific areas of their bodies being treated.” reads the post published by vpnMentor. “Our team had access to almost 900,000 individual files. These included highly sensitive images, video files, and paperwork relating to plastic surgery, dermatological treatments, and consultations performed by clinics using NextMotion’s technology.”
The personal patients’ information viewed by the experts included invoices for treatments, outlines ..
Support the originator by clicking the read the rest link below.
