This is part of the disclosure notice by a security researcher (emphasis mine):
On July, 7th I discovered 2.5 million records that appeared to contain sensitive medical data and PII (Personally Identifiable Information).
The records included names, insurance records, medical diagnosis notes, and much more. Upon further research, there were multiple references to an artificial intelligence company called Cense. The records were labeled as staging data and we can only speculate that this was a storage repository intended to hold the data temporarily while it is loaded into the AI Bot or Cense’s management system2.5 Million Medical Records Leaked By AI Company
I have been stressing on enterprise security and I reiterate that it is an expanded and shared responsibility across the spectrum. As clinicians we must know the data we generate- because we are the stakeholders. Therefore, I feel that we have more than a passing responsibility to understand the processes at play.