Company chatbots are hit or miss when it comes to serving up useful information, and they may not be ready to handle sensitive health data.As Dark Reading reports, cybersecurity researchers at Tenable discovered “critical vulnerabilities” with Microsoft’s Azure Health Bot Service that could have put people’s health data at risk. Azure’s bot service is a cloud platform that helps healthcare professionals deploy AI-powered virtual health assistants. Organizations can create experiences that work alongside human employees to help manage administrative workflows and better engage with patients. And for that to work, the bot needs access to some patient information.The Azure Health Bot Service includes a data-connection component that allow bots “to interact with external data sources to retrieve information from other services that the provider may be using, such as a portal for patient information or a reference database for general medical information,” Tenable says.However, researchers found they could connect “using a malicious external host, and [set] that up to respond to any queries from the platform with 301 or 302 redirect codes indicating that the web page had been permanently moved,” Dark Reading explains. “Those redirect responses were sent back to the [service’s internal metadata service], which in turn responded with metadata that leaked the access tokens.”
Recommended by Our Editors
Ultimately, the bug gave Tenable access to “hundreds and hundreds of resources belonging to other customers.”Tenable notified Microsoft in June and it issued a fix. Tenable also got a bug bounty, but says “no evidence was discovered that indicated this issue had been exploited by a malicious actor.”
Get Our Best Stories!
Sign up for What’s New Now to get our top stories delivered to your inbox every morning.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
About Emily Price
Weekend Reporter
Read the latest from Emily Price
