Overview
Severity: CRITICAL | Affected: MedSynth | Category: breach
MedSynth, a prominent healthcare AI company specializing in diagnostic models, has confirmed a major data breach exposing the protected health information (PHI) of approximately 2 million patients. The breach originated from a misconfigured cloud storage bucket linked to their AI data annotation and training pipeline. The publicly accessible bucket contained a trove of sensitive data, including unanonymized patient scans, clinical notes, and personal identifiers used for model training. This incident highlights the growing risks in complex MLOps environments where large datasets are processed. Regulatory bodies have launched investigations into potential HIPAA violations. The breach serves as a critical reminder of the need for stringent security controls throughout the entire AI development lifecycle, from data ingestion to model deployment, especially when handling sensitive information.