Cyberthreat actors using ChatGPT exploit to attack health care, other industries

Mar 18, 2025 - 03:44 PM
Cybersecurity with lock

A ChatGPT vulnerability identified last year is being used by cyberthreat actors to attack security flaws in artificial intelligence systems, according to a March 12 report by Veriti, a cybersecurity firm. The National Institute of Standards and Technology lists the vulnerability as medium risk, but Veriti said it has been used by cyberthreat actors in more than 10,000 attack attempts worldwide. Financial institutions, health care and government organizations have been top targets for the attacks, the firm said. The attacks could lead to data breaches, unauthorized transactions, regulatory penalties and reputational damage. 
 
“This could allow an attacker to steal sensitive data or impact the availability of the AI tool,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “This highlights the importance of integrating patch management into a comprehensive governance plan for AI when it is implemented in a hospital environment. The fact that the vulnerability is a year old and a proof of concept for exploitation has been published for some time is also a good reminder of the importance of timely patching of software.” 
 
For more information on this or other cyber and risk issues, contact Gee at sgee@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Headline
CISA releases guidance following reported legacy Oracle cloud breach
The Cybersecurity and Infrastructure Security Agency April 17 released guidance to reduce risks associated with a reported breach of Oracle cloud services.…
Headline
AHA podcast: Ambient AI Technology at Cleveland Clinic — Reducing Physician Burnout and Enhancing Patient Care 
Cleveland Clinic's Eric Boose, M.D., family medicine physician and associate chief medical information officer and Rohit Chandra, executive vice president and…
Headline
Agencies issue guidance on navigating deceptive online recruitment of current and former federal employees
The National Counterintelligence and Security Center, the FBI, and the Defense Counterintelligence and Security Center yesterday released guidance on…
Headline
Study finds AI screening for OUD led to fewer hospital readmissions 
The National Institutes of Health April 3 released a study that found an artificial intelligence screening tool was as effective as health care providers in…
AHA Cyber Intel
[Updated] 3 Must-know Cyber and Risk Realities: What’s Ahead for Health Care in 2025
While the rate of cyberattacks on hospitals has risen dramatically, the severity of the impacts has also grown exponentially. Let’s look at the state of cyber…
Headline
House subcommittee holds hearing on cybersecurity vulnerabilities in legacy medical devices
The House Energy and Commerce Oversight and Investigations Subcommittee April 1 discussed cybersecurity threats in legacy medical devices during a hearing. The…