Overview
Severity: CRITICAL | Affected: SynthHealth AI | Category: breach
Healthcare technology firm SynthHealth AI has disclosed a catastrophic data breach affecting approximately 15 million patients. Attackers exploited a vulnerability in the company's publicly accessible diagnostic imaging AI model. Using a sophisticated model inversion technique, they reconstructed sensitive training data by sending carefully crafted queries to the model's API. The compromised data includes patient names, birth dates, diagnostic images, and clinical notes.

This incident is a stark reminder of the privacy risks inherent in deploying AI models trained on sensitive data. Security experts note that the attack did not require compromising SynthHealth's internal networks; instead, it used the public-facing model as a side channel to leak the underlying training dataset. The company has suspended the API and is now facing multiple class-action lawsuits and a federal investigation.