Plastic surgery images and invoices were leaked from an unsecured database. Images included patients’ nude bodies, faces, open surgery, before and after pictures, and private parts. The unsecured database from a French company call NextMotion allowed anyone with the right IP address to view it’s file, says researchers from vpnMentor. Some laws that would be violated include HIPAA (Health Insurance Portability and Accountability Act) in the US and GDPR (General Data Protection Regulation) in the European Union.
The leak is one of the latest in data exposure from an unsecured cloud database. The problems stems from companies moving their data to the cloud without having proper privacy protocols in place.
https://www.cnet.com/news/plastic-surgery-images-and-invoices-leak-from-unsecured-database/
Doan's Cybersecurity Blog 