Description: An AI-linked platform operated by Serviceaide exposed sensitive health data from Catholic Health, affecting 483,000 patients. The breach stemmed from a misconfigured Elasticsearch database used in Serviceaide’s agentic AI infrastructure. Exposed information included medical records, insurance details, and login credentials. While no misuse has been confirmed, the nature of the data has prompted regulatory scrutiny and legal investigations.
Editor Notes: Timeline notes: According to the company's notice (which can be accessed at https://www.serviceaide.com/notices) and third-party reporting, Serviceaide discovered the inadvertent exposure of Catholic Health's Elasticsearch database on November 15, 2024. The exposed data was accessible between September 19 and November 5, 2024. Serviceaide reported the breach to the U.S. Department of Health and Human Services on May 9, 2025 (which is being taken as the incident date for this incident ID), following a months-long investigation and data review. Public disclosure and notification to affected individuals began shortly thereafter.
Entities
View all entitiesAlleged: Serviceaide , Serviceaide agentic AI platform and Elasticsearch database developed and deployed an AI system, which harmed Patients of Catholic Health and Catholic Health.
Alleged implicated AI systems: Serviceaide agentic AI platform and Elasticsearch database
Incident Stats
Incident ID
1070
Report Count
2
Incident Date
2025-05-09
Editors
Daniel Atherton
Incident Reports
Reports Timeline
Serviceaide post-incident response
SERVICEAIDE, INC Notice of Data Security Event May 5, 2025
Serviceaide,Inc. ("Serviceaide") is providing notice of an incident that may have impacted the privacy of certain individuals' information. Serviceaide is a provider of informationt…
Serviceaide, a provider of agentic artificial intelligence-based IT management and workflow software, reported to regulators that an inadvertent exposure of data on the web has affected more than 483,000 patients of client Catholic Health, …
Variants
A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database. Learn more from the research paper.