How Threat Actors Leverage AI to Advance Healthcare Cyberattacks
Threat actors are using AI to develop phishing emails, exploit vulnerabilities, and execute healthcare cyberattacks, HC3 warned in its latest brief.
Source: Getty Images
By Jill McKeon
- The HHS Health Sector Cybersecurity Coordination Center (HC3) issued a brief regarding artificial intelligence (AI) and the threats it may pose to healthcare cybersecurity. As AI continues to advance, organizations across all sectors will have to adjust their risk mitigation strategies to account for innovation and the new cyber threats that come with it.
Threat actors have been leveraging AI to design and execute attacks, HC3 warned. Just like AI can reduce inefficiencies across various sectors, threat actors have found AI to be a useful tool in speeding up their attack rates and reaching more victims.
Specifically, threat actors may use AI to develop phishing emails, automate attacks, spread ransomware, rapidly exploit vulnerabilities, and develop complex malware code. HC3 even demonstrated how ChatGPT can help threat actors by asking it to craft a phishing email template that can be easily reused.
“It attempts to entice the recipient to open the attachment with positive news. The attacker will need to attach a malicious file, and then fill in the blanks and customize it in order to make it even more believable,” HC3 noted.
HC3 also demonstrated how threat actors are able to use ChatGPT to develop malware without much technical knowledge.
Defending the healthcare sector against AI threats is a challenging feat, HC3 acknowledged. A good starting point is the National Institute of Standards and Technology (NIST) Artificial Intelligence Risk Management Framework (AI RMF), which provides organizations with a roadmap for managing AI cybersecurity risks. Organizations may also leverage MITRE ATLAS, a knowledge base of adversary tactics and techniques targeting AI systems.
Going forward, HC3 urged healthcare organizations to “expect a cat-and-mouse game.”
“As AI capabilities enhance offensive efforts, they’ll do the same for defense; staying on top of the latest capabilities will be crucial,” the brief noted.
As previously reported, AI poses compliance challenges as well as cybersecurity issues. Two viewpoint articles published recently in JAMA explored the challenges of navigating HIPAA compliance while reaping the benefits of AI chatbots. Some researchers argued that AI chatbots and HIPAA compliance cannot coexist, while others expressed hope for future regulations and guidance on the topic.
Recent developments in AI have signaled a long road ahead when it comes to ensuring security and compliance in the healthcare space.
