As medical professionals, we recognize the transformative potential of artificial intelligence (AI) in improving diagnostic capabilities, personalizing treatments, and enhancing overall patient care. However, these advancements come with an increased risk of security breaches that threaten patient privacy and intellectual property. This article highlights notable AI-based security breaches in health care organizations and underscores the importance of safeguarding sensitive information.
AI-based security breaches: a cause for concern
SingHealth data breach (2019): In an alarming incident, Singapore’s public health care system fell prey to a cyberattack that affected 1.5 million patients. Malefactors accessed electronic health records, including those of the prime minister, by exploiting vulnerabilities in SingHealth’s IT systems.
PACS vulnerability (2018): A security researcher identified a vulnerability in the Picture Archiving and Communication System (PACS) that exposed more than 45 million medical images, including sensitive images of patients’ breasts, genitals, and faces. Disturbingly, anyone with internet access could view and download these images without authentication.
The Dark Overlord attacks (2017): The hacker group The Dark Overlord illicitly obtained sensitive patient data from various health care organizations, including a plastic surgery clinic in London. The stolen data encompassed before-and-after photos, names, addresses, and medical histories. The hackers demanded a ransom, threatening to release the data otherwise.
Los Angeles hospital ransomware attack (2016): A hospital in Los Angeles paid a ransom of $17,000 to regain access to its computer systems after a ransomware attack. The attack capitalized on a vulnerability in an outdated version of JBoss, forcing the hospital to divert patients and revert to paper records.
The threat of malicious AI-based attacks
We must remain vigilant, as AI technology can also be exploited maliciously. Malicious uses may include detecting vulnerabilities in health care systems, orchestrating sophisticated phishing attacks, or purloining intellectual property. To safeguard against potential AI-based attacks, health care organizations must establish robust security protocols, educate employees on cybersecurity best practices, and conduct regular audits to identify and address system vulnerabilities.
AI’s role in detecting and preventing security breaches
AI holds the potential to bolster security in health care organizations through intrusion detection, anomaly detection, and threat intelligence. By capitalizing on AI’s capabilities in these domains, health care organizations can improve their security posture and protect patient data from unauthorized access.
Examples of AI-based attacks on physical infrastructure
WannaCry ransomware attack (2017): The WannaCry ransomware attack impacted health care organizations globally, including the UK’s National Health Service (NHS). The attack exploited a Microsoft Windows vulnerability, affecting medical devices such as MRI scanners and blood storage refrigerators.
CT scanner hacking (2018): Researchers from the University of Florida showcased the potential for AI to compromise a CT scanner and alter the radiation dose delivered to a patient without leaving any trace of the attack.
Insulin pump vulnerability (2019): A security researcher discovered vulnerabilities in an insulin pump that could enable an attacker to remotely control the device and administer incorrect insulin doses by using AI to brute-force the app’s authentication.
Fake medical images (2020): Researchers from the University of California, Irvine, demonstrated that AI, using a technique called generative adversarial networks (GANs), can produce counterfeit medical images that deceive radiologists into making incorrect diagnoses.
While AI has undeniably revolutionized health care, it also presents significant security challenges. As medical professionals, we are responsible for prioritizing cybersecurity to prevent breaches and protect patient data, intellectual property, and physical infrastructure. By implementing robust security measures, training employees on best practices, and conducting regular audits, we can mitigate the risks associated with AI-based attacks, maximizing the benefits of this groundbreaking technology while minimizing its potential drawbacks. Protecting these assets is essential for maintaining trust and ensuring the continued progress of health care in the age of artificial intelligence.
Harvey Castro is a physician, health care consultant, and serial entrepreneur with extensive experience in the health care industry. He can be reached on his website, harveycastromd.info, Twitter @HarveycastroMD, Facebook, Instagram, and YouTube. He is the author of Bing Copilot and Other LLM: Revolutionizing Healthcare With AI, Solving Infamous Cases with Artificial Intelligence, The AI-Driven Entrepreneur: Unlocking Entrepreneurial Success with Artificial Intelligence Strategies and Insights, ChatGPT and Healthcare: The Key To The New Future of Medicine, ChatGPT and Healthcare: Unlocking The Potential Of Patient Empowerment, Revolutionize Your Health and Fitness with ChatGPT’s Modern Weight Loss Hacks, and Success Reinvention.