Cyberthreat actors using ChatGPT exploit to attack health care, other industries

Mar 18, 2025 - 03:44 PM
Cybersecurity with lock

A ChatGPT vulnerability identified last year is being used by cyberthreat actors to attack security flaws in artificial intelligence systems, according to a March 12 report by Veriti, a cybersecurity firm. The National Institute of Standards and Technology lists the vulnerability as medium risk, but Veriti said it has been used by cyberthreat actors in more than 10,000 attack attempts worldwide. Financial institutions, health care and government organizations have been top targets for the attacks, the firm said. The attacks could lead to data breaches, unauthorized transactions, regulatory penalties and reputational damage. 
 
“This could allow an attacker to steal sensitive data or impact the availability of the AI tool,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “This highlights the importance of integrating patch management into a comprehensive governance plan for AI when it is implemented in a hospital environment. The fact that the vulnerability is a year old and a proof of concept for exploitation has been published for some time is also a good reminder of the importance of timely patching of software.” 
 
For more information on this or other cyber and risk issues, contact Gee at sgee@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Blog
Navigating Disruption: What CFOs and Their Teams Need to Know Now
Public
The health care field has entered a period of disruption, from sweeping coverage changes to the rise of artificial intelligence (AI)-enabled tools. The…
Headline
AHA leadership to discuss AI, public-private partnerships and more during 48th World Hospital Congress in Switzerland 
AHA leaders tomorrow will participate in a series of panels during the International Hospital Federation’s 48th annual World Hospital Congress in Geneva. AHA…
Headline
Agencies release guidance on Microsoft Exchange server best practices
The National Security Agency, Cybersecurity and Infrastructure Security Agency and international partners released joint guidance Oct. 30 on best practices for…
Headline
Microsoft issues security update addressing critical vulnerability impacting Windows server services 
Microsoft has released a security update to address a critical remote code execution vulnerability impacting multiple versions of Windows Server Update…
Headline
AHA urges smarter AI regulation for advancing innovation, safety and access to health care
The AHA today submitted a letter to the Office of Science and Technology Policy in response to its request for information on regulatory reform for artificial…
Headline
2025 Cybersecurity Year in Review, Part Two: Mitigating Third-Party Risk, Ensuring Clinical Continuity and Addressing AI Risk
In part two of a recent blog, AHA National Advisor for Cybersecurity and Risk John Riggi and AHA Deputy National Advisor for Cybersecurity and Risk Scott Gee…