CyberSecurity updates
2024-12-26 12:14:11 Pacific

UnitedHealthcare AI chatbot exposed to internet - 12d
Read more: techcrunch.com

UnitedHealthcare's Optum recently experienced a security lapse, exposing an internal AI chatbot to the public internet. This chatbot, designed for employees to ask questions about claims and related procedures, was accessible without a password. A security researcher discovered the vulnerability, and TechCrunch was able to verify it before Optum took the chatbot offline. While it's not believed that the chatbot contained sensitive patient data, its exposure raises concerns about the security practices surrounding internal AI tools, particularly as UnitedHealth faces scrutiny over its broader use of AI. The chatbot, described by an Optum spokesperson as a "demo tool" for proof of concept, maintained a history of employee inquiries, including questions like "What should be the determination of the claim" and "How do I check policy renewal date." Interestingly, the bot also produced a seven-paragraph rhyming poem about denying health claims when asked. Optum has since stated that the tool was never put into production and the site is no longer accessible. They have confirmed that the tool did not use or contain any protected health information.