2. ChatGPT, other major language models will make some attacks harder to identify.
Creative artificial intelligence is the ability of algorithms to automatically generate content from user queries such as text, videos, and images. As reported by Spiderlabs, this is also a potential threat to data security.
Although many companies have begun to invest in their own models, there were initially concerns that the major language models would start writing malicious code. That threat has yet to fully materialize, Sigler said, because the models require someone to understand how to code before the models produce malicious results.
But Sigler said AI is making it harder for employees to identify phishing or malicious emails.
“When you have an AI engine that speaks that language naturally and understands exactly what you’re trying to say, that becomes a lot more engaging,” Sigler said. “Those red flags, those grammar mistakes, those spelling mistakes tend to go away.”
The report also says healthcare systems may face increased exposure risk due to their reliance on third-party vendors that can incorporate generalized AI into their products.
3. Healthcare lacks stock of accurate equipment.
The increasing number of connected devices in healthcare adds to the vulnerability of the industry’s infrastructure, say the report’s authors. Devices ranging from employee cell phones to medical equipment are at risk.
Sigler says many vendors don’t have an exact inventory of connected devices.
“I see that as the biggest problem,” Sigler said. “Having a current, relevant, and constantly updated archive of what you have and how valuable it is to your organization… will help you prioritize the security controls you have. applied.”
When an organization has the correct inventory, Sigler said organizations should prioritize releasing one value for each data area. For example, clinical data can have more control and greater value in an organization than web analytics or marketing email lists.
“I think a lot of people just sit in front of the horse,” Sigler said. They start setting up all kinds of policies and procedures… without really understanding the intricacies of implementing those policies.”
4. Personally Identifiable Medical Information Available on the Dark Web
As reported by Spiderlabs, stolen information potentially obtained from US-based healthcare organizations is likely to appear on the dark web.
There are 8,000 logs claiming information from US-based healthcare organizations on the RussianMarket forum, a popular underground marketplace.
For example, on CruptBB, a platform forum where hackers sell information, there may be a healthcare attack ad outlining the sharing of personal healthcare data such as medical records, security numbers, and so on. Social Security number, phone number, address and name. According to Sigler, this is a fairly typical form of advertising on underground forums and other types of data for sale.