Overview
Severity: CRITICAL | Affected: MedSynth | Category: breach
Healthcare technology company MedSynth announced a significant data breach affecting its AI-driven diagnostic platform. An insecure API endpoint, used for fetching training data for their predictive models, was left exposed without proper authentication. Attackers exploited this vulnerability to exfiltrate a database containing over two million patient records, including sensitive health information, personal identifiers, and diagnostic summaries generated by the AI. The breach was discovered on July 2nd after a security researcher found a portion of the dataset for sale on a dark web forum. MedSynth has since secured the API and notified regulatory bodies. This incident highlights the critical need for robust security practices around the entire AI development lifecycle, especially when handling sensitive personal data.