Overview
Severity: CRITICAL | Affected: GenHealth AI | Category: breach
Healthcare technology firm GenHealth AI has reported a critical data breach affecting approximately two million patients. The breach occurred due to an improperly secured API endpoint connected to one of their primary machine learning training environments. The exposed endpoint allowed unauthorized actors to access and exfiltrate a vast dataset used for training a diagnostic imaging AI. The compromised data includes sensitive patient information such as names, birth dates, medical record numbers, and in some cases, raw diagnostic images and associated clinical notes. GenHealth AI's security team discovered the breach during a routine audit and has since secured the endpoint. The company is now working with federal law enforcement and has begun notifying affected individuals. This incident highlights the significant risks of unsecured infrastructure supporting AI development in sensitive sectors like healthcare.