Cyberthreat actors using ChatGPT exploit to attack health care, other industries

Mar 18, 2025 - 03:44 PM
Cybersecurity with lock

A ChatGPT vulnerability identified last year is being used by cyberthreat actors to attack security flaws in artificial intelligence systems, according to a March 12 report by Veriti, a cybersecurity firm. The National Institute of Standards and Technology lists the vulnerability as medium risk, but Veriti said it has been used by cyberthreat actors in more than 10,000 attack attempts worldwide. Financial institutions, health care and government organizations have been top targets for the attacks, the firm said. The attacks could lead to data breaches, unauthorized transactions, regulatory penalties and reputational damage. 
 
“This could allow an attacker to steal sensitive data or impact the availability of the AI tool,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “This highlights the importance of integrating patch management into a comprehensive governance plan for AI when it is implemented in a hospital environment. The fact that the vulnerability is a year old and a proof of concept for exploitation has been published for some time is also a good reminder of the importance of timely patching of software.” 
 
For more information on this or other cyber and risk issues, contact Gee at sgee@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Headline
AHA podcast: Cybersecurity on the Health Care Front Lines Against AI and Ransomware
Larry Pierce, director of cybersecurity and information security officer for Atlantic Health, unpacks how the growth of artificial intelligence is reshaping…
Headline
Agencies issue guidance on secure connectivity for operational technology
U.S. and international agencies Jan. 14 released guidance on secure connectivity for operational technology environments. Examples of OT environments in health…
Headline
ARPA-H announces program to develop and deploy AI tools for cardiovascular disease management 
The Advanced Research Projects Agency for Health Jan. 13 announced a program to develop and implement artificial intelligence tools for…
Headline
AHA expresses support for bill improving cybersecurity workforce in rural hospitals
The AHA Jan. 14 expressed support for the Rural Hospital Cybersecurity Enhancement Act (S. 2169), legislation that would direct the Department of Health and…
Headline
FBI warns of attacks by North Korean cyber threat group using malicious QR codes
The FBI Jan. 8 released an alert on evolving threat tactics by Kimsuky, a North Korean state-sponsored cyber threat group. As of last year, the group…
Headline
Encore: Bridging Distances with AI and Telemedicine, and Destigmatizing Mental Health for Health Care Workers
Thank you for listening to Advancing Health! As we close out 2025, we’re excited to share highlights from two impactful episodes that sparked dialogue around…