Secure Thoughts worked with security researcher Jeremiah Fowler to uncover how Cense AI leaked 2.5 million medical records, which included names, insurance records, medical diagnosis notes, and a lot more.
The records were labeled as staging data and we can only speculate that this was a storage repository intended to hold the data temporarily while it is loaded into the AI Bot or Cense’s management system. As soon as I could validate the data, I sent a responsible disclosure notice. Shortly after my notification was sent to Cense I saw that public access to the database was restricted.
1: Burn this company down. 2: Sounds like most of the data are from patients in New York.