Overview
Severity: CRITICAL | Affected: Aethera Health | Category: breach
Aethera Health, a leading provider of AI-driven diagnostic tools, has confirmed a significant data breach affecting approximately 5 million patient records. The breach was discovered on March 5, 2025, after attackers exploited a vulnerability in a third-party machine learning operations (MLOps) library used for model training and deployment. The exposed data includes patient names, diagnostic images, and AI-generated clinical notes, though financial information was not compromised. Attackers reportedly gained access by poisoning a training data pipeline, which allowed them to execute arbitrary code within Aethera's cloud environment. This incident highlights the growing attack surface introduced by complex AI supply chains and the critical need for robust security vetting of third-party dependencies in sensitive sectors like healthcare. The company is now working with federal investigators and has begun notifying affected individuals.