"To Lena Health: You stored 2,134 patients' complete PHI in an unencrypted database export sitting in a public-facing S3 bucket. You stored 19,542 audio recordings of vulnerable elderly patients discussing erectile dysfunction, incontinence, gangrene, heart surgery, opioid prescriptions, and other deeply embarrassing medical conditions. Also in the Twilio data there are the transcriptions of all these calls, but we are holding off to post these until we can fully redact the last names."
"Listening to these confused patients talking to Lena, this company's "digital helper", about their private medical issues is a deeply disturbing and uncanny experience. They repeatedly ask Lena what's wrong with her, why she sounds so weird, but even worse somehow are the patients who do not seem to notice they are not speaking with a human. It is deeply dehumanizing, and profoundly depressing to hear these elderly people -"
A group is working with a plaintiff attorney to contact victims and coordinate a class action and pressure Houston Methodist to stop using Lena Health. Lena Health stored 2,134 patients' complete PHI in an unencrypted public-facing S3 bucket and retained 19,542 audio recordings of elderly patients discussing highly sensitive medical conditions. Twilio transcriptions of all calls exist but will not be posted until last names and other sensitive fields are fully redacted to avoid further harm. The recordings reveal patients mistaking an LLM-based coordinator for a human, producing dehumanizing interactions and raising serious privacy and negligence concerns.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]