SoK: Security and Privacy Risks of Healthcare AI

Yuanhaur Chang, Han Liu, Chenyang Lu, Ning Zhang

TL;DR

This SoK delivers a unified framework to assess security and privacy risks in healthcare AI by integrating biomedical literature with security/AI research and surveying 101 security-focused works across multiple healthcare domains. It systematically adapts the traditional adversarial threat-model taxonomy to healthcare, identifying adversary identities, capabilities, and goals, and then maps these to domain-specific attack surfaces. The paper provides a comprehensive domain-by-domain systematization of current attacks and defenses, highlighting critical gaps such as under-explored availability and confidentiality threats and the rising role of generative and multi-modal models. It further validates under-explored attack opportunities through targeted experiments (evasion, backdoors, membership inference attacks (MIAs), availability) across ECG, imaging, and risk-prediction tasks, underscoring an urgent need for cybersecurity research to safeguard AI-enabled healthcare systems and patient welfare.

Abstract

The integration of artificial intelligence (AI) and machine learning (ML) into healthcare systems holds great promise for enhancing patient care and care delivery efficiency; however, it also exposes sensitive data and system integrity to potential cyberattacks. Current security and privacy (S&P) research on healthcare AI is highly unbalanced in terms of healthcare deployment scenarios and threat models, and has a disconnected focus with the biomedical research community. This hinders a comprehensive understanding of the risks that healthcare AI entails. To address this gap, this paper takes a thorough examination of existing healthcare AI S&P research, providing a unified framework that allows the identification of under-explored areas. Our survey presents a systematic overview of healthcare AI attacks and defenses, and points out challenges and research opportunities for each AI-driven healthcare application domain. Through our experimental analysis of different threat models and feasibility studies on under-explored adversarial attacks, we provide compelling insights into the pressing need for cybersecurity research in the rapidly evolving field of healthcare AI.

Paper Structure

This paper contains 29 sections, 11 figures, 9 tables.

Figures (11)

  • Figure 1: Number of healthcare AI publications from the biomedical and security community in the past five years.
  • Figure 2: Adversarial knowledge, capability, and goals based on adversary's identity in the healthcare setting.
  • Figure 3: Visualization of original and adversarial images.
  • Figure 4: Backdoor attack performance against ECG-based CNN with different trigger lengths and poisoning ratios.
  • Figure 5: A backdoored signal that closely resembles a normal signal, demonstrating the stealthiness of the attack.
  • ...and 6 more figures