Overview
Severity: CRITICAL | Affected: GenHealth AI | Category: breach
Health-tech firm GenHealth AI has disclosed a critical data breach exposing the sensitive records of approximately 2 million patients. The breach was traced to a misconfigured cloud storage bucket used in their AI model training pipeline for diagnostic imaging. The publicly accessible bucket contained unencrypted patient data, including names, medical record numbers, dates of birth, and thousands of medical scans used for data annotation. The incident was discovered by an independent security researcher who alerted the company. This breach highlights the growing security risks within the MLOps lifecycle, where data pipelines for training and annotation can become a significant attack surface if not properly secured. Regulatory bodies have launched an investigation into potential HIPAA violations.