Optum AI Chatbot Exposed Online, Used to Handle Claim Inquiries
UnitedHealthcare's Optum left an internal AI chatbot, used to handle employee questions about claims, exposed to the internet without password protect
Healthcare giant Optum has restricted access to an internal AI chatbot after a security researcher discovered it was publicly accessible online. The chatbot, which employees used to ask questions about claims and standard operating procedures (SOPs), was accessible without a password through a public IP address.

Internal Chatbot Exposed

The chatbot, dubbed "SOP Chatbot," was intended to help employees navigate patient health insurance claims and disputes. While the chatbot did not directly contain sensitive patient data, its exposure comes at a time when its parent company, UnitedHealthcare, faces criticism for using AI to deny patient claims.

Mossab Hussein, a security researcher from spiderSilk, alerted TechCrunch to the vulnerability. The tool, while hosted on an internal Optum domain, was accessible through its public IP address without requiring authentication.

Chatbot Usage and Data

According to a dashboard on the chatbot, Optum employees had used the tool hundreds of times…