Tenable Research discovered critical security vulnerabilities in Microsoft's Azure Health Bot Service that allowed access to cross-tenant resources due to server-side request forgery (SSRF) flaws. The Azure Health Bot Service enables healthcare providers to deploy AI-powered virtual assistants to streamline administrative workflows and interact with sensitive patient data. Tenable found that by exploiting the “Data Connections” feature, they could bypass filters and access internal metadata and customer resources. Microsoft promptly addressed these issues by implementing fixes across all affected regions, ensuring no customer action was necessary. A similar vulnerability was also found in endpoints validating FHIR data connections, but it did not allow cross-tenant access. Both issues have now been resolved, emphasizing the need for robust web and cloud security in AI services.

Compromising Microsoft's AI Healthcare Chatbot Service Tenable Blog

Hospitals are increasingly adopting home-based healthcare services, shifting some treatments traditionally administered in hospital settings to patients' residences. This approach aims to alleviate hospital congestion, lower healthcare costs, and offer more personalized care. Advances in telemedicine and remote monitoring technology support this transition, allowing medical professionals to oversee patient recovery and administer treatments remotely. Key challenges include ensuring consistent quality of care, managing logistics, and overcoming regulatory and insurance hurdles.

Hospitals’ New Push: Treating Patients in Their Homes Wall Street Journal

Mayo Clinic is collaborating with SandboxAQ, a startup spun out of Alphabet, to research an AI-enhanced medical device for cardiac diagnostics. The device, known as CardiAQ, utilizes quantum sensing and advanced AI algorithms to enable non-invasive, rapid, and accurate cardiac assessments. The initiative aims to improve clinical diagnosis for conditions like heart attacks, potentially reducing hospital admissions and medical costs. The study involves around 150 patients and is set to run at Mayo Clinic through 2024 and 2025. If successful, the technology could revolutionize cardiac care by providing real-time, bedside diagnostic capabilities.

Mayo Clinic taps startup SandboxAQ to study new tech—quantum sensing and AI—for cardiac diagnostics Fierce Healthcare

On August 10, 2024, McLaren Health Care, a nonprofit health care organization in Michigan, was hit by an INC Ransom ransomware attack, disrupting their IT and phone systems. An investigation was launched following the attack, with patients urged to keep appointments unless otherwise informed, and to bring medical documentation to visits due to lost access to patient databases. This incident follows a significant data breach they disclosed in November 2023, exposing personal information of over 2.1 million individuals. McLaren is enhancing its security protocols and offering 12 months of identity protection services to affected individuals.

Is the INC ransomware gang behind the attack on McLaren hospitals? SecurityAffairs