Incident

Serviceaide Agentic AI company leaks data of 483,000 Catholic Health patients



Serviceaide, a California-based provider of agentic artificial intelligence-based IT management and workflow software, is reporting a data breach affecting approximately 483,000 patients of Catholic Health, a healthcare network in western New York. 

The incident was caused by an inadvertently misconfigured Elasticsearch database that was publicly accessible on the internet for nearly two months and contained sensitive patient information.

Serviceaide discovered on November 15, 2024, that "certain information within its Catholic Health Elasticsearch database was inadvertently made publicly available." The investigation determined that the exposure occurred between September 19, 2024, and November 5, 2024, creating a window of approximately 47 days during which sensitive patient data was potentially accessible to anyone on the internet.

Serviceaide locked down the database and initiated an investigation. While the company stated that its investigation "did not identify any evidence that information was copied," it is unable to conclusively rule out unauthorized access or data exfiltration. The exposed data includes:

  • Names
  • Social Security numbers
  • Dates of birth
  • Medical record numbers
  • Patient account numbers
  • Medical and health information
  • Health insurance information
  • Prescription and treatment information
  • Clinical information
  • Provider names
  • Provider locations
  • Email usernames and passwords

The company is offering affected individuals 12 months of complimentary credit and identity monitoring services and is in the process of sending notification letters to all potentially affected patients.

Catholic Health has posted a brief statement on its website acknowledging the incident, describing it as a data breach resulting in "limited patient information being exposed online." The healthcare network has referred concerned patients to the more detailed breach notice posted on Serviceaide's website.

As of the breach notification date, several class action law firms had already issued public notices indicating they are investigating the incident for potential lawsuits against Serviceaide and possibly Catholic Health.
