© NicoElNino – stock.adobe.com
News • Patient data extraction, manipulation, poisoning
Experts highlight LLM cybersecurity threats in radiology
In a new special report, researchers address the cybersecurity challenges of large language models (LLMs) and the importance of implementing security measures to prevent LLMs from being used maliciously in the health care system.
The special report was published in Radiology: Artificial Intelligence, a journal of the Radiological Society of North America (RSNA).
Image credit: Radiological Society of North America (RSNA)
LLMs, such as OpenAI’s GPT-4 and Google’s Gemini, are a type of artificial intelligence (AI) that can understand and generate human language. LLMs have rapidly emerged as powerful tools across various health care domains, revolutionizing both research and clinical practice. These models are being employed for diverse tasks such as clinical decision support, patient data analysis, drug discovery and enhancing communication between health care providers and patients by simplifying medical jargon. An increasing number of health care providers are exploring ways to integrate advanced language models into their daily workflows. “While integration of LLMs in health care is still in its early stages, their use is expected to expand rapidly,” said lead author Tugba Akinci D’Antonoli, M.D., neuroradiology fellow in the Department of Diagnostic and Interventional Neuroradiology, University Hospital Basel, Switzerland. “This is a topic that is becoming increasingly relevant and makes it crucial to start understanding the potential vulnerabilities now.”
Recommended article
Article • From chatbot to medical assistant
Generative AI: prompt solutions for healthcare?
Anyone who has exchanged a few lines of dialogue with a large language model (LLM), will probably agree that generative AI is an impressive new breed of technology. LLMs show great potential in addressing some of the most urgent challenges in healthcare. At the Medica tradefair, several expert sessions were dedicated to generative AI, its potential medical applications and current caveats.
LLM integration into medical practice offers significant opportunities to improve patient care, but these opportunities are not without risk. LLMs are susceptible to security threats and can be exploited by malicious actors to extract sensitive patient data, manipulate information or alter outcomes using techniques such as data poisoning or inference attacks.
Image credit: Radiological Society of North America (RSNA)
AI-inherent vulnerabilities and threats can range from adding intentionally wrong or malicious information into the AI model’s training data to bypassing a model’s internal security protocol designed to prevent restricted output, resulting in harmful or unethical responses.
Non-AI-inherent vulnerabilities extend beyond the model and typically involve the ecosystem in which LLMs are deployed. Attacks can lead to severe data breaches, data manipulation or loss and service disruptions. In radiology, an attacker could manipulate image analysis results, access sensitive patient data or even install arbitrary software.
The authors caution that cybersecurity risks associated with LLMs must be carefully assessed before their deployment in health care, particularly in radiology, and radiologists should enact protective measures when dealing with LLMs. “Radiologists can take several measures to protect themselves from cyberattacks,” Dr. D’Antonoli said. “There are of course well-known strategies, like using strong passwords, enabling multi-factor authentication, and making sure all software is kept up to date with security patches. But because we are dealing with sensitive patient data, the stakes (as well as security requirements) are higher in health care.”
Just like we undergo regular radiation protection training in radiology, hospitals should implement routine cybersecurity training to keep everyone informed and prepared
Tugba Akinci D’Antonoli
To safely integrate LLMs into healthcare, institutions must ensure secure deployment environments, strong encryption and continuous monitoring of model interactions. By implementing robust security measures and adhering to best practices during the development, training and deployment stages, stakeholders can help minimize risk and protect patient privacy.
Dr. D’Antonoli notes that it is also important to use only the tools that have been vetted and approved by an institution’s IT department, and any sensitive information used as input for these tools should be anonymized. “Moreover, ongoing training about cybersecurity is important,” she said. “Just like we undergo regular radiation protection training in radiology, hospitals should implement routine cybersecurity training to keep everyone informed and prepared.”
According to Dr. D’Antonoli, patients should be aware of the risks but not overly worried. “The landscape is changing, and the potential for vulnerability might grow when LLMs are integrated into hospital systems,” she said. “That said, we are not standing still. There is increasing awareness, stronger regulations and active investment in cybersecurity infrastructure. So, while patients should stay informed, they can also be reassured that these risks are being taken seriously, and steps are being taken to protect their data.”
Source: Radiological Society of North America
15.05.2025
