Thousands of photos, videos and records related to plastic surgery patients have been left on an insecure database where they can be viewed by anyone with the right IP address, the The researcher said Friday. The data included about 900,000 records, which the researchers said could belong to thousands of different patients.
The data was created at clinics around the world using software produced by French imaging company NextMotion. Images in the database include front and back images of cosmetic procedures. The photos often contain nudity, the researchers said. Other records include pictures of bills containing information that will identify a patient. The database is currently confidential.
Researchers Noam Rotem and Ran Locar found the database exposed. They have published their research with vpnMonitor, a security site. Rotem said he sees health care databases exposed too often as part of his web mapping project, looking for exposed data.
"The state of protecting privacy, especially in healthcare, is …