
UnitedHealthcare's Optum Left an AI Chatbot, Used By Employees To Ask Questions About Claims, Exposed To the Internet - Slashdot

Dec 13, 2024 - yro.slashdot.org
Healthcare company Optum has limited access to an internal AI chatbot after a security researcher discovered it was publicly accessible online. The chatbot, designed for employees to inquire about handling patient health insurance claims according to the company's standard operating procedures, was exposed because it was reachable at a public IP address and did not require a password for access. Although the chatbot did not contain sensitive personal or health information, its exposure raises concerns amid scrutiny of its parent company, UnitedHealthcare, for allegedly using AI tools to override medical decisions and deny claims.

The security lapse was identified by Mossab Hussein, chief security officer at cybersecurity firm spiderSilk, who informed TechCrunch about the issue. The chatbot, named "SOP Chatbot," was hosted on an internal Optum domain but was accessible via its IP address from the internet. This incident highlights the importance of securing internal tools, especially as UnitedHealthcare faces criticism for its AI practices in healthcare decision-making.

Key takeaways:

  • Optum restricted access to an internal AI chatbot after it was found to be publicly accessible online.
  • The chatbot allowed employees to ask questions about handling patient health insurance claims according to company SOPs.
  • Although the chatbot did not contain sensitive personal information, its exposure raises concerns amid scrutiny of UnitedHealthcare's AI practices.
  • The security issue was discovered by Mossab Hussein from cybersecurity firm spiderSilk, who noted the chatbot's IP address was publicly accessible without a password.