Threat Modeling Essentials for Generative AI in Healthcare
Consulting Firm Ahead’s Mervyn Chapman on Critical Security Factors in AI Adoption
It's critical for healthcare sector entities that are considering - or are already - deploying generative AI applications to create an extensive threat modeling infrastructure, said Mervyn Chapman, principal consultant at consulting and managed services firm Ahead and a former healthcare CISO.
"Before you deploy AI, understand what some of the potential attack vectors are and what controls need to be built to assess the vulnerabilities in that system. Build security in from the ground up," Chapman said in an interview with Information Security Media Group.
"Make sure these controls are documented and they're part of your standard risk assessment protocol," he said.
In this audio interview with Information Security Media Group, Chapman also discussed:
- The more common generative AI uses emerging in healthcare today;
- Essential checks and balances for AI accuracy and integrity;
- The importance of stringent access controls for AI users, especially those who have access to the back-end of AI systems.
Chapman has over two decades of experience, including roles as CISO. He specializes in NIST, CIS and HIPAA compliance frameworks and has expertise in program development, incident response, vulnerability management, policy formulation and regulatory compliance.
This transcript has been edited and refined for clarity.
Marianne McGee: I'm Marianne Kolbasuk McGee, executive editor at Information Security Media Group. Today, I'm speaking with Mervyn Chapman, who is principal consultant at consulting and managed services firm AHEAD. Mervyn is also a former healthcare CISO. We're going to be discussing generative AI in healthcare. So Mervyn, we've been hearing so much about ChatGPT and generative AI this year. But as we know, AI has been used in healthcare for a while, including to help radiologists with reading medical images and some other kinds of applications. With that said, what emerging use cases are you seeing and hearing most about right now involving generative AI in the healthcare sector? And what are your thoughts about those applications?
McGee: So Mervyn, as healthcare sector entities are rolling out these various AI initiatives, what security issues and privacy concerns are you thinking about? And what controls and practices should these entities be keeping in mind as they deploy these AI initiatives? What should they be doing?
Chapman: One of the key areas that AI is being used for right now is just in helping generate synthetic data. Coming back to our point about underrepresented populations or diseases that typically don't get a lot of attention. There's an increasing amount of research being done now with synthetic data. So leveraging those generative models to create synthetic data, convincing patient data, images, and reports, and things of that nature allows for there to be a larger set of data for researchers to pay attention to. The risk is that some of our pre-existing biases can be placed into synthetic data, which would then keep some of these things moving forward; some of these biases moving forward. There's also a risk of poisoning attacks, where someone could craft some sort of data to poison our AI models, or an infrastructure overload. It's very easy now to take a malfunctioning or malicious AI and point it at some infrastructure to help overload it in some way. So there are a couple of risks with some of these emerging AI use cases.
McGee: You mentioned some of these risks. When it does come to the emerging use of generative AI in healthcare, how do you think that's going to factor into the breaches and cyberattacks we might see in the near future? And then further out?
Chapman: I think we're just at the beginning of what we're going to see in terms of breaches.
McGee: How might the emerging use of generative AI in healthcare factor into the kinds of breaches and cyberattacks we might see in the near future and then looking ahead further out?
Chapman: I think the breaches and cyberattacks are going to become much more imaginative. Some of the breaches are going to take advantage of the fact that AI does things very quickly and intelligently. One of the risks of generative AI, and this is not just specific to healthcare, is that it may make inferences that were not part of the original design. AI is still very much a black box technology. And if we are depending on AI to make choices even if it's as simple as presenting patient information or triaging some in specific situations, we stand the risk of a cyberattack having much more far-reaching consequences than just access to a system. AI could be fooled to initiate an attack or to make an existing attack much worse. So it's up to the executives and those owning the AI systems to make sure that the outcomes of that AI system or platform are accounted for in an incident or disaster recovery plan.
McGee: Do you think there's a potential for AI to be used to deliver inaccurate determinations, interfering with the decision-making that these AI tools are hopefully trying to help with in terms of patient care, diagnosis or anything along those lines?
Chapman: I think that's absolutely a possibility. Yes. So it all depends on how we train the AI. And again, as I mentioned earlier, if we put our existing biases into a system, then all we're going to do is develop those biases and come up with biased outcomes much more quickly than we already would have. It's good to have AI helping to make those decisions. But there needs to be some check and balance to make sure that we're not simply taking it at its word and moving forward with that type of decision.
McGee: And when it comes to the biases, what things worry you the most? What things could impact even the integrity of the AI itself?
Chapman: The biases that I see existing are the ones that would normally come about just because of our existing medical system. There are certain diseases and, as I mentioned, certain populations that are simply underrepresented in studies. If we base our treatment plans on incorrect data - whether it's developed by AI or other forms of research - we now stand the chance of using that data to move forward. So for example, asthma cases, there are certain sections of the population that suffer from asthma much more frequently than others. If those people are not represented in the studies that research asthma, we may come up with wrong data on treatment plans and population health studies. So if there is no accountability for the decisions made by AI, if there are no checks and balances on the decisions that are the clinical support data that comes out of these AI platforms, we can introduce those biases, and not all of them are intentional biases. Some of them are simply unintentional because of the lack of representation in studies. So if we're not paying attention to those, we will keep doing the wrong things again. But we will just keep saying, hey, the AI platform has told us to do this. So again, just something we need to be careful about moving forward.
McGee: So Mervyn, when it comes to the good and bad for generative AI in healthcare, when it comes to data security, privacy, potential breaches, what do you say, looking ahead, the good and the bad? Could generative AI help protect data in a way that perhaps isn't being thought of now with existing sorts of applications and processes that don't involve AI? What's the good and bad?
Chapman: So some of the controls that we have in place now to help protect our healthcare systems will play a role as we move forward with AI. For example, just strong access controls, making sure that only the right people have access to the backends of these AI platforms is going to be important. Making sure that the garbage-in garbage-out phenomenon, as mentioned before, making sure that we're not putting bias into these systems. So the fact that we're not just looking at access control right now and vulnerability management. We need to make sure that we're looking for other types of vulnerabilities - vulnerabilities in the models themselves. We have a challenge now with AI in that there's this distributed accountability. No one's responsible for the data. And that's going to need to be part of the controls that we develop - who is accountable for the data that goes in? Who has access to the frontend and the backend of these systems? Do we have controls in place to monitor for anomalous behavior? Are we looking to make sure that things aren't being spit out that just don't line up correctly with good science? And how do we generate this synthetic data? Is it truly representative of the population? If we're depending on synthetic data, are we controlling for that data to make sure it truly represents the population and is not inherently biased in one way or the other?
McGee: And finally, Mervyn, based on what we just discussed here, what are some of your top security and privacy suggestions or advice for healthcare entities that either are considering deploying generative AI efforts in their organizations or have already begun?
Chapman: Well, I think the top concern would be making sure that you generate an extensive threat modeling infrastructure. Understand before you deploy AI what are some of the potential attack vectors, and what are the controls that need to be built to assess the vulnerabilities in that system. Build security in from the ground up. Second, make sure that we have stringent access controls, and we vet the personnel who have access to both the frontend and the backend of these AI models. Number three, validate and sanitize and, most importantly, anonymize any real healthcare data that's going to be used for model training. Number four, if we're going to be using synthetic data, let's make sure we think so that we know that it is actual synthetic data, we understand the differences, and we make changes and decisions based on that accordingly. And number five, make sure that those controls are documented, and they're part of your standard risk assessment protocol.
McGee: Well, thank you so much, Mervyn. I've been speaking to Mervyn Chapman. I'm Marianne Kolbasuk McGee of Information Security Media Group. Thanks for joining us.