HealthTech AI that touches patient data combines model-layer risk with HIPAA exposure. We test your AI systems and make sure PHI does not leak through them.
More context on this sector on our HealthTech industry page.
Tailored to HealthTech, delivered by a Toronto security and compliance team led by a published CVE researcher, with our partner Lorikeet Security where offensive testing is involved.
See the full AI Security service page, or productized pricing for fixed-scope engagements.
Yes — PHI can leak through prompts, embeddings, RAG retrieval, and logs. We specifically test those paths and map findings to your HIPAA obligations.
If you run AI on health data, they reinforce each other: HIPAA sets the obligations, AI security tests whether your model layer actually meets them.
Only under a BAA and correct configuration, and even then the application layer needs testing. We assess both.
Book a free 30-minute discovery call. We will tell you whether this engagement fits, what it would cost, and when we could start.