I’ve reported on a number of hacks and leaks involving plastic surgery centers where nude photos of identifiable patients wind up exposed or in bad actors’ hands.
Sergiu Gatlan reports on yet another leak. This one exposed hundreds of thousands of documents in a misconfigured Amazon AWS S3 bucket owned by NextMotion, a French plastic surgery tech firm that provides imaging and patient management services to 170 plastic surgery clinics in 35 countries. Gatlan reports:
NextMotion’s CEO said in a press release that the patient data stored in the leaky database “had been de-identified – identifiers, birth dates, notes, etc. – and thus was not exposed.”
Except that not all the data was de-identified, as the vpnMentor researchers pointed out.
Read more on BleepingComputer.