ChatGPT Vulnerability Being Used in Cyberattacks Against Healthcare Systems

A March 12 report from Veriti, a cybersecurity firm, says that a “ChatGPT vulnerability identified last year is being used by cyberthreat actors to attack security flaws in artificial intelligence systems,” including in healthcare.

The National Institute of Standards and Technology “lists the vulnerability as medium risk, but Veriti said it has been used by cyberthreat actors in more than 10,000 attack attempts worldwide.” The attacks could lead to “data breaches, unauthorized transactions, regulatory penalties, and reputational damage.”

Scott Gee, AHA’s deputy national advisor for cybersecurity and risk, said that these attacks could “allow an attacker to steal sensitive data or impact the availability of the AI tool.” He also says that these events highlight “the importance of integrating patch management into a comprehensive governance plan for AI when it is implemented in a hospital environment. The fact that the vulnerability is a year old and a proof of concept for exploitation has been published for some time is also a good reminder of the importance of timely patching of software.”