Overview
Severity: CRITICAL | Affected: HealthMind Inc. | Category: breach
HealthMind Inc., a prominent AI-driven diagnostic service, has disclosed a critical data breach affecting approximately 5 million patients. Attackers leveraged a sophisticated model inversion attack targeting the company's publicly accessible diagnostic API. By sending a high volume of structured queries and analyzing the model's probability scores for different outputs, they were able to reconstruct sensitive training data. This data, which was thought to be anonymized, was successfully de-anonymized through the attack, re-linking patient names to specific diagnoses, genetic markers, and treatment histories. The incident exposes the severe privacy risks of training AI on sensitive data, even with standard anonymization techniques. HealthMind has suspended the affected API and is now facing multiple class-action lawsuits and a federal investigation for potential HIPAA violations.