DataBreaches.Net
AI “digital helper” Lena Health breach exposed some Houston Methodist patients’ medical info (1)

Posted on January 28, 2026 by Dissent

On June 1, 2025, the California Applicants’ Attorneys Association reported that Serviceaide, a provider of AI-powered healthcare software, had suffered a data breach that led to at least six federal class-action lawsuits. The breach was caused by an unsecured database that exposed the protected health information of 483,000 patients of Catholic Health in Buffalo, New York. The breach occurred in 2024 but was reportedly first discovered in May 2025.

Thankfully, not all breaches involving AI business associates to HIPAA-covered entities are that large. A listing this week on a hacking forum reveals a breach involving “digital helper” Lena Health. Lena is an AI-based care coordination platform headquartered in Houston, Texas. One of its clients is Houston Methodist.

The forum listing begins:

Lena Health is on the small side compared to our other victims, but we are so sick of the endless “AI-driven” SaaS (Slop As A Service) startups that we’ve made a point of targeting these snake oil vendors specifically. Especially those ones that deal with vulnerable populations and stock their users’ PHI and other sensitive data on vulnerable servers accessible by the entire internet.

We’re releasing a breach preview including the TWILIO CALL RECORDING DATABASE and several patients’ discharge documents — the latter with their last names redacted by our team aside from initial, because we care more about their data privacy than Lena Health does, apparently.

What Happened?

The listing claims that Lena Health “stored 2,134 patients’ complete PHI in an unencrypted database export sitting in a public-facing S3 bucket.”

In email, however, FulcrumSec provided DataBreaches with greater clarity about the situation, explaining that they gained access via a major vulnerability that went public in early December. A patch had been available since early December, but Lena Health had not yet applied it by the time they were attacked a week or two later in December.

“To be fair to Lena, some massive companies with what I’d assume to be large security budgets went unpatched for nearly that long as well,” FulcrumSec acknowledged.

According to the forum post, Lena Health was contacted on January 10, but hadn’t responded to FulcrumSec as of January 15. In email, however, FulcrumSec revealed that Lena Health eventually did respond to them, but after the vendor was provided with files as proof of the breach, they allegedly responded, “OK, I am sending this message to the team along with the files you provided. We’ll need a little time to discuss things. We will stay in touch and reach back out soon.”

Lena Health stopped responding after that, FulcrumSec informed DataBreaches. “We sent numerous warnings to make sure there wasn’t a miscommunication going on, but it is obvious that they reached a decision to cut contact and not pay.”

What Kinds of Data Were Involved?

According to FulcrumSec’s forum post, the bucket contained:

– 2,134 unique patients with full names, dates of birth, phone numbers, and other PHI data
– 19,542 recorded phone calls with patients discussing their health — most with full transcriptions
– 68 hospital discharge documents with deeply intimate information no patient would ever consent to having stored by a startup with flimsy security
– 1,380 phone numbers linking directly to vulnerable, elderly patients
– and API keys, staff login credentials, and more!

Those numbers are not quite accurate, FulcrumSec told DataBreaches in email, as there were a lot of duplicates in the recorded phone calls and discharge statements, so that the true number of recorded phone calls was probably less than 7,500 and the number of patients was less than 10. But from inspection of the raw data, shared with DataBreaches.net, it is clear that they obtained protected health information on patients, such as one might find in detailed, multi-page medical reports.

  • Complete patient identities with dates of birth
  • Medical record numbers (MRNs) and case session numbers
  • Call recordings revealing medical conditions and treatment discussions
  • Prescriptions for controlled substances (opioids), erectile dysfunction medications (Viagra, Cialis)
  • Bladder incontinence and catheter care instructions (including explicit penis cleaning procedures)
  • Diabetic gangrene diagnosis with potential amputation
  • Post-surgical care instructions for prostate surgery, heart surgery
  • Doctor names, addresses, phone numbers, scheduled appointments
  • Pharmacy locations with prescription details

HIPAA, HIPAA, HIPAA!

Lena Health is a business associate for Houston Methodist in Texas, and the patient data in question is mostly from that provider, although DataBreaches heard recordings involving patients from a few other hospitals, as well. The recordings and related json files reveal the patients’ names, phone numbers, and the name of a person who is supposed to be their care coordinator. In some recordings, patients reveal personal information such as that they live alone, or what other needs they have.

As FulcrumSec mentioned in the forum listing, it is not clear that all of the patients knew they were interacting with AI and not a real human being. If Lena Health thinks that identifying the caller as a “digital helper” is sufficient to make clear to patients that they are not talking to a real human and are interacting with AI on a recorded line, then I would respectfully disagree with them. I would suggest they state explicitly, at the beginning of each recorded call, that this is an AI call and that it is being recorded.

Over on North Country Communications, Rachel Seeger comments on this breach, and reminds people of the obligations under HIPAA.

Neither Lena Health nor Houston Methodist replied to emails sent on both Monday and Tuesday of this week. This post may be updated if additional information becomes available.

As of publication, FulcrumSec has leaked samples of the patient data with redaction, but has not leaked all of the data. They have, however, created a separate webpage on their own domain about the leak that has links to the samples and to future full leaks.

Update: Lena Health did respond with a statement in response to this site’s inquiries, although this site may not have received their first attempt to respond. Here is their statement:

“We recently experienced a security incident affecting one of our systems. As part of our response to this incident, we engaged third-party cybersecurity experts to aid in our investigation. We are confident the incident is contained and our systems are secure. Our operations remain unaffected and we continue to serve our customers without disruption. We are communicating directly with our customers and, in accordance with our obligations, will notify relevant parties and the limited number of individuals affected by this incident.”


Category: Commentaries and Analyses, Hack, Health Data, HIPAA, Subcontractor
