Overview
Severity: CRITICAL | Affected: NeuroHealth AI | Category: breach
NeuroHealth AI, a prominent developer of AI-powered diagnostic tools, has disclosed a critical security breach affecting approximately two million patients. Attackers exploited a previously unknown vulnerability in the company's proprietary diagnostic model API. According to the disclosure, the threat actors used a sophisticated model inversion attack to reconstruct sensitive patient data, including diagnostic notes, medical imagery metadata, and personal identifiable information (PII), from the model's API responses. The incident highlights a new frontier of AI-specific vulnerabilities beyond traditional infrastructure security. Security experts note that organizations deploying AI are often underprepared for attacks targeting the model itself. Federal regulators have launched an investigation into potential HIPAA violations, and the breach has ignited a broader conversation about the need for stringent security auditing and testing protocols for AI systems handling sensitive health information.