Cyberthreat actors using ChatGPT exploit to attack health care, other industries

Mar 18, 2025 - 03:44 PM
Cybersecurity with lock

A ChatGPT vulnerability identified last year is being used by cyberthreat actors to attack security flaws in artificial intelligence systems, according to a March 12 report by Veriti, a cybersecurity firm. The National Institute of Standards and Technology lists the vulnerability as medium risk, but Veriti said it has been used by cyberthreat actors in more than 10,000 attack attempts worldwide. Financial institutions, health care and government organizations have been top targets for the attacks, the firm said. The attacks could lead to data breaches, unauthorized transactions, regulatory penalties and reputational damage. 
 
“This could allow an attacker to steal sensitive data or impact the availability of the AI tool,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “This highlights the importance of integrating patch management into a comprehensive governance plan for AI when it is implemented in a hospital environment. The fact that the vulnerability is a year old and a proof of concept for exploitation has been published for some time is also a good reminder of the importance of timely patching of software.” 
 
For more information on this or other cyber and risk issues, contact Gee at sgee@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Headline
AHA shares concerns, recommendations with CMS on WISeR model
The AHA Oct. 23 recommended changes to the Centers for Medicare & Medicaid Services’ Wasteful and Inappropriate Services Reduction model to address…
Headline
Reminder: Comments due to OSTP Oct. 27 on regulations hindering AI development
Comments are due Oct. 27 to the Office of Science and Technology Policy on federal regulations that hinder artificial intelligence development, deployment or…
Headline
CISA warns of vulnerability in F5 BIG-IP products
The Cybersecurity and Infrastructure Security Agency Oct. 15 released an emergency directive advising federal agencies to take stock of their F5 BIG-IP…
Headline
AHA blog: How HCA Healthcare Is Using AI to Redefine Patient Safety
An AHA blog published today shares how HCA Healthcare in Nashville, Tenn., has been leveraging artificial intelligence to reduce risk and improve health…
Blog
Smarter, Safer Hospitals: How HCA Healthcare Is Using AI to Redefine Patient Safety
Public
Cross-industry insights and new technology are helping HCA Healthcare reduce risk, improve outcomes and lead the future of high-reliability careFor Randy Fagin…
Headline
AHA blog: 2025 Cybersecurity Year in Review, Part One — Breaches and Defensive Measures
In part one of a new blog, John Riggi, AHA national advisor for cybersecurity and risk, and Scott Gee, AHA deputy national advisor for cybersecurity and risk,…