This Week Health
August 15, 2024

Compromising Microsoft's AI Healthcare Chatbot Service

Tenable Blog | Contributed by: Drex DeFord
Summary
Tenable Research discovered critical server-side request forgery (SSRF) vulnerabilities in Microsoft's Azure Health Bot Service that allowed access to cross-tenant resources. The Azure Health Bot Service enables healthcare providers to deploy AI-powered virtual assistants to streamline administrative workflows and interact with sensitive patient data. By exploiting the “Data Connections” feature, Tenable researchers could bypass filters and access internal metadata and customer resources. Microsoft promptly addressed these issues by implementing fixes across all affected regions, so no customer action was necessary. A similar vulnerability was also found in the endpoints that validate FHIR data connections, but it did not allow cross-tenant access. Both issues have now been resolved; the findings emphasize the need for robust web and cloud security in AI services.


© Copyright 2024 Health Lyrics All rights reserved