Secure Thoughts worked with security researcher Jeremiah Fowler to uncover how Cense AI leaked 2.5 million medical records, which included names, insurance records, medical diagnosis notes, and a lot more.

The records were labeled as staging data and we can only speculate that this was a storage repository intended to hold the data temporarily while it is loaded into the AI Bot or Cense’s management system. As soon as I could validate the data, I sent a responsible disclosure notice. Shortly after my notification was sent to Cense I saw that public access to the database was restricted.

1: Burn this company down. 2: Sounds like most of the data are from patients in New York.

Check It Out: AI Company ‘Cense AI’ Leaks 2.5 Million Medical Records

One Comment

  1. wab95

    Andrew:

    We are well past the time when companies should be held liable for data breaches and acts of negligence that result in data exposure, but especially where high value data are concerned, such as personal health data with personal identifiers attached.

    When companies are fined into bankruptcy, and when they have to begin purchasing liability insurance with stratospheric premiums, such as in medical malpractice insurance, simply to avoid bankruptcy, they will come to realise that their business has life-altering consequences to human beings, and must be safeguarded as if someone’s well-being and/or life depended on it, because in fact, it does.

    The consequences to a health professional in private practice for such an event would be catastrophic, if not career-ending. That an AI company, or any other concern, lacks medical qualifications or expertise should not be an excuse or a ‘get out of jail free card’ – in fact, that is the point.

    Get serious. Get professional. Or get out of the business.
