Overview
Severity: CRITICAL | Affected: SynthCare AI | Category: breach
Healthcare technology firm SynthCare AI announced a significant data breach impacting approximately two million patients. The attackers exploited a publicly accessible diagnostic imaging model using a sophisticated model inversion attack. This technique allowed the threat actors to reverse-engineer the AI model and reconstruct sensitive data points from its training dataset. Exposed information includes patient PII, partial medical histories, and diagnostic notes that the model inadvertently memorized during the training phase. The incident highlights the critical privacy risks associated with deploying complex AI systems without robust safeguards against data reconstruction. SynthCare AI has taken the affected model offline and is working with cybersecurity experts to investigate the full scope of the breach. The company is now facing regulatory scrutiny under HIPAA and GDPR for failing to adequately protect patient health information.