Overview
Severity: CRITICAL | Affected: CogniCare | Category: breach
CogniCare, a prominent AI-powered healthcare diagnostics firm, disclosed a significant data breach affecting its cloud infrastructure. The breach, which occurred in late May, exposed the personal and medical data of approximately two million patients. Attackers exploited a misconfigured API gateway in CogniCare's proprietary diagnostic AI model, 'Synapse-7'. This allowed them to exfiltrate sensitive data, including patient names, diagnostic images, and AI-generated medical reports. The company stated that the vulnerability was patched within hours of discovery, but the data had already been copied. This incident highlights the critical need for robust security postures for AI systems handling sensitive PII and PHI, as model APIs can become a primary attack vector. Regulatory bodies have launched an investigation into the company's data handling and security practices.