
According to a Veriti report, a ChatGPT vulnerability identified last year is being exploited to target security flaws in artificial intelligence systems.
Of the organizations analyzed, 35% are unprotected because of misconfigured IPS, WAF, and firewall settings. The vulnerability, despite being classified as moderate severity, has already been weaponized in real-world attacks, the report found.
“The vulnerability is never too small,” the author writes. “Attackers will exploit any weaknesses they can find.”
What is the impact?
The survey found that multiple parties attempted more than 10,000 cyberattacks in a week.
Moderate vulnerabilities still pose risks, as security teams often prioritize only important and sensitive vulnerabilities. However, attackers will take advantage of whatever works regardless of ranking, and once-ignored vulnerabilities can quickly become favored means of attack.
The issue has attracted the attention of the American Hospital Association, which said that such cyberattacks can lead to data breaches, fraudulent transactions, regulatory penalties and damage to healthcare providers' reputations.
“This allows attackers to steal sensitive data and impact the availability of AI tools,” Scott Gee, AHA Deputy State Counsel on Cybersecurity and Risks, said in a statement. “This underscores the importance of integrating patch management into AI's comprehensive governance plans when implemented in hospital settings. The vulnerability was a year ago, and the fact that proof of the concept of exploitation has been public for some time is also a reminder of the importance of timely software patching.”
Veriti said the next steps for security teams are to check IPS, WAF and firewall configurations for protection against CVE-2024-27564, monitor attack attempts from known attacker IPs, and prioritize AI-related security gaps in risk assessments.
Bigger trends
In recent years, many cyberattacks have affected healthcare organizations. The most notable cyberattack of 2024 was the one targeted at HealthCare. According to the HIPAA Journal, at least 100 million people had protected health information compromised.
This represents a third of the US population, making it the largest known data breach at a HIPAA-regulated entity. The previous record was set by Anthem in 2015, in an attack affecting 78.8 million individuals, the report says.
A June 2024 KnowBe4 report showed that the global healthcare sector experienced 1,613 cyberattacks per week in the first three quarters of 2023, a significant increase from the same period a year earlier and almost four times the global average. This surge has contributed to a sharp increase in cyberattack costs for healthcare organizations, bringing the average breach cost close to $11 million (more than three times the global average) and making healthcare the most expensive sector for cyberattacks.
Ransomware attacks dominate, accounting for more than 70% of successful cyberattacks on healthcare organizations over the past two years.
Jeff Lagasse is the editor of Healthcare Finance News.
Email: jlagasse@himss.org
Healthcare Finance News is a publication of HIMSS Media.