Optum's AI Chatbot Exposed

Optum, a healthcare giant, restricted access to its internal AI chatbot after a security researcher discovered that it was publicly accessible. The chatbot, used by employees to handle patient health insurance claims and disputes, could be reached via a public IP address without a password. While the chatbot didn't contain sensitive patient data, its exposure raises concerns amid scrutiny of Optum's parent company, UnitedHealth, over its use of AI in medical decisions.

Key Details

  • The "SOP Chatbot" was trained on Optum's internal documents about standard operating procedures for handling claims.
  • Employees used the chatbot hundreds of times since September to inquire about claim determinations and policy renewals.
  • The chatbot referenced internal documents on dispute processes, eligibility screening, and reasons for denying coverage.
  • Although the chatbot was hosted on an internal domain, its IP address was public, which allowed anyone to access it.

Optum's Response

Optum claims the chatbot was a demo, never in production, and not used with protected health information. They stated it was intended to test responses to questions on a small set of SOP documents and never made decisions. However, the chatbot's chat history reveals employee attempts to "jailbreak" it and make it produce unrelated answers. This incident coincides with legal action against UnitedHealth for allegedly using AI to deny patient claims.

UnitedHealth Under Scrutiny

UnitedHealth Group, Optum's parent company, faces criticism and lawsuits for its AI usage in denying patient claims. Following the death of UnitedHealthcare's CEO, numerous patient complaints about denied coverage have surfaced. A federal lawsuit accuses UnitedHealthcare of using an AI model with a high error rate to deny care. Despite $22 billion in profit in 2023, UnitedHealth's practices are under intense scrutiny.