• Social engineering. Bad actors can use generative AI to create targeted disinformation campaigns (such as fake news and social media posts) and psychologically manipulative messages aimed at damaging a hospital’s reputation, undermining trust, or tricking staff into compromising security. Here again, this can happen to anyone. For example, a bad actor could commit a ransomware attack and as part of that use GenAI to spread very convincing fake news stories about the healthcare system’s patient care being compromised, thus pressuring the organization to pay a ransomware. It’s only a matter of time before this happens to a healthcare system.
• Compromising GenAI. Bad actors can use GenAI to directly compromise GenAI-based clinical tools (leading to misdiagnosis and incorrect treatment) and to disrupt critical hospital systems (ransomware, equipment sabotage), potentially causing chaos and endangering patient lives. This is an especially alarming threat because it’s no secret that large language models can be vulnerable to security lapses.
Unfortunately, these are very real scenarios. Ransomware attacks are on the rise in healthcare according to recent research from Barracuda Networks. The company believes that an uptick in AI-generated phishing attacks and development of malware is behind the surge. These attacks are costly. They endanger patients’ lives and hurt hospitals financially. All told, ransomware attacks affected at least 141 hospitals in 2023. By 2023, the typical ransom amount soared by 29,900 percent, reaching approximately $1.5 million.
How hospitals can protect themselves So, what can hospitals do about all this? Plenty! Here are some measures they should take now:
• Fight fire with fire. Effective cybersecurity defense will always come down to anticipating how bad actors work to stay a step ahead of them. This means thinking like they think and fighting fire with fire. Tools such as Google Magika continue to emerge to help all businesses, including healthcare organizations. Magika uses GenAI to detect malware, and hospitals can use it to more effectively stop phishing emails from planting ransomware.
• Implement a zero trust architecture (ZTA). Traditional security models often operate on the assumption that everything inside the organization’s network is trusted, creating a strong perimeter to keep threats out. But ZTA assumes that threats can exist both outside and inside the traditional network perimeter, thus necessitating rigorous verification and control measures. As a result, a business employing ZTA protects its systems with a far greater level of rigor, Companies such as NVIDIA offer tools to help businesses implement ZTA.
