Overview
Severity: CRITICAL | Affected: CuraHealth | Category: breach
CuraHealth, a leading provider of AI-driven diagnostic imaging analysis, announced a major data breach affecting approximately 2 million patients. Attackers exploited a vulnerability in the platform's public-facing diagnostic API, using a sophisticated model inversion technique. By sending carefully crafted queries to the AI model, they were able to reconstruct sensitive training data, including patient PII and snippets of medical images that were inadvertently retained in the model's parameters. This incident highlights the severe privacy risks associated with deploying complex AI models without adequate data sanitization and privacy-preserving training methods. The company has suspended the API and is working with federal regulators. The breach underscores the growing threat of data reconstruction attacks against production AI systems.