Overview
Severity: CRITICAL | Affected: BioSynth Genetics | Category: breach
Health-tech firm BioSynth Genetics disclosed a major data breach affecting approximately 2 million patients. Attackers exploited an API vulnerability in their proprietary AI-powered diagnostic tool, 'GeneView.' The tool, used by hospitals to analyze genetic data for disease prediction, had an insecure endpoint that allowed unauthorized access to its underlying patient database. The exposed data includes highly sensitive patient information, genetic markers, and AI-generated diagnostic predictions. The breach was discovered after researchers found portions of the dataset for sale on a dark web forum. BioSynth stated that the vulnerability stemmed from improper authentication checks in a recently updated microservice. The company has since patched the vulnerability and is now facing significant regulatory scrutiny under HIPAA and GDPR, with potential fines reaching into the hundreds of millions.