The introduction of large language models (LLMs) and multimodal LLMs (MLLMs) into health care offers considerable promise—from enhancing diagnostic precision to simplifying communication. However, these capabilities come with a new set of cybersecurity threats that must be actively managed. Unlike traditional software, LLMs are trained on massive datasets, some of which may contain sensitive or identifiable health information. As these systems are integrated into clinical environments, they become attractive targets for exploitation and misuse. In a setting where data security and patient trust are paramount, even well-intentioned users may inadvertently cause harm. Understanding and mitigating these risks is essential to safely harnessing the benefits of these transformative tools. 


Recognising the Cybersecurity Risks of LLMs 
LLMs present a complex matrix of vulnerabilities. Many threats originate from the model itself—termed AI-inherent risks—and include data poisoning, backdoor attacks and inference attacks. For instance, attackers may deliberately insert misleading information into training datasets or embed triggers that cause a model to produce false clinical recommendations. Inference attacks can extract sensitive data or determine whether specific patient records were used in training, violating confidentiality. Instruction-tuning attacks, including jailbreaking and prompt injection, manipulate the model into bypassing ethical constraints. Meanwhile, denial of service (DoS) attacks can overload systems, paralysing critical clinical functions. 


Beyond the models themselves, the ecosystems surrounding LLMs are also vulnerable. Non-AI-inherent risks arise from remote code execution flaws, side channel attacks or weaknesses in the software supply chain. These can result in unauthorised access, service disruption or data manipulation. There is also concern that LLMs could be weaponised to conduct cyberattacks. Malicious actors might use these tools for software-level exploits, phishing campaigns or even crafting persuasive misinformation. Together, these risks underscore the urgent need for rigorous cybersecurity frameworks tailored to the use of LLMs in medical contexts. 


Mitigation Strategies Across Model Lifecycles 
Security interventions must span the entire LLM lifecycle—from design to deployment. At the model architecture level, robust design principles can help filter adversarial inputs and reduce overfitting, which limits the memorisation of identifiable patient data. Cognitive and privacy-preserving architectures further enhance resilience by enabling decision-making that integrates domain knowledge while protecting privacy through methods like homomorphic encryption. 


Training and testing protocols also require stringent controls. Differential privacy techniques introduce noise into data processing, limiting the ability to reconstruct original information. Corpora cleaning reduces harmful content by eliminating duplicates, removing identifiers and filtering biased language. Adversarial training, where models are exposed to simulated attacks, improves their ability to withstand real-world threats. Moreover, fine-tuning using human feedback and red teaming—where experts deliberately attempt to break the model—provides an iterative path to improving model safety and reliability. 
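As an added illustration of the corpora-cleaning step described above (example code written for this page, not code from the cited paper), the following Python sketch removes exact and whitespace-only duplicate clinical notes and redacts common identifier patterns before text reaches a training set. The sample notes and the regex patterns are constructed for the example; a real pipeline would pair such rules with a de-identification model and human review.

```python
import hashlib
import re
from collections import Counter

# Constructed sample "clinical notes" (fictional patients, not real data).
SAMPLE_NOTES = [
    "Pt John Doe, MRN 00123456, DOB 03/14/1962, seen 2024-05-01. BP 150/95. Call 555-123-4567.",
    "Pt John Doe, MRN 00123456, DOB 03/14/1962, seen 2024-05-01. BP 150/95. Call 555-123-4567.",
    "Pt Jane Roe, MRN 00987654, seen 2024-05-02. Reports chest pain; email jane.roe@example.org.",
    "Pt  John Doe,  MRN 00123456, DOB 03/14/1962, seen 2024-05-01.  BP 150/95. Call 555-123-4567.",
]

# Hypothetical identifier patterns for this example. Free-text names are
# deliberately not handled here: they need an NER model, not a regex.
IDENTIFIER_PATTERNS = [
    ("MRN", re.compile(r"\bMRN\s*\d{6,10}\b")),
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("PHONE", re.compile(r"\b\d{3}-\d{3}-\d{4}\b")),
    ("DATE", re.compile(r"\b(?:\d{4}-\d{2}-\d{2}|\d{2}/\d{2}/\d{4})\b")),
]

def redact_identifiers(text):
    """Replace each identifier match with a typed placeholder; also return
    per-type counts so the cleaning run can be audited."""
    counts = Counter()
    for label, pattern in IDENTIFIER_PATTERNS:
        text, n = pattern.subn(f"[{label}]", text)
        counts[label] += n
    return text, counts

def normalise(text):
    """Collapse whitespace and case so trivially different copies dedupe."""
    return re.sub(r"\s+", " ", text).strip().lower()

def clean_corpus(notes):
    """Redact identifiers, then drop duplicates of the redacted, normalised
    text (this also merges boilerplate that differs only in identifiers)."""
    seen, kept, dropped_dupes, total_counts = set(), [], 0, Counter()
    for note in notes:
        redacted, counts = redact_identifiers(note)
        total_counts.update(counts)
        digest = hashlib.sha256(normalise(redacted).encode()).hexdigest()
        if digest in seen:
            dropped_dupes += 1
            continue
        seen.add(digest)
        kept.append(redacted)
    return kept, dropped_dupes, total_counts
```

The returned counts give a per-identifier-type audit trail for the cleaning run, which is useful evidence when reviewing whether a training corpus is fit for use.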


During the inference phase, additional safeguards are crucial. Preprocessing steps can neutralise dangerous input before it reaches the model, while in-processing and postprocessing methods monitor output quality and detect manipulation. Examples include consistency checks, output validation through secondary models and self-critique mechanisms that help the model evaluate and correct its own outputs. Together, these measures form a layered defence against misuse. 


System-Level Defences and Organisational Readiness 
Even the most robust model needs to operate within a secure system. Sandboxing models in isolated environments before live deployment can detect vulnerabilities and minimise the impact of potential breaches. Post-deployment, continuous monitoring of usage patterns enables early detection of anomalies. Role-based access control and multifactor authentication restrict system access to authorised users, while end-to-end encryption safeguards patient data at rest and in transit. 


An effective incident response plan is another cornerstone of resilience. Health care institutions must prepare for breaches with dedicated teams, routine audits and clear communication protocols. Compliance with data protection regulations such as GDPR or HIPAA is not just a legal requirement, but a critical component of public trust. Training clinical staff and administrative users on model capabilities, risks and best practices is also essential to ensure safe and informed use. 


Moreover, broader concerns around bias and misinformation require continuous attention. LLMs may reflect inequalities present in their training data, leading to skewed outputs or harmful stereotypes. Addressing this demands diverse and representative datasets, along with algorithms designed to detect and mitigate bias. Hallucinations—fabricated or incorrect outputs—pose further risks, particularly in clinical decision-making. Combating these issues will require ongoing cross-disciplinary collaboration across AI governance, health care regulation and model development. 


The integration of LLMs into health care presents a dual challenge: seizing their immense potential while safeguarding patients and systems from harm. Cybersecurity must be a foundational consideration—not an afterthought. The risk landscape is broad, encompassing technical vulnerabilities, misuse by external attackers and inadvertent misuse by internal stakeholders. A comprehensive, multilayered defence strategy is essential. This includes secure architectural design, stringent training protocols, vigilant monitoring during inference and robust organisational readiness. 


Beyond technical safeguards, health care professionals must cultivate awareness about the capabilities and limitations of these models. Responsible use, informed by training, regulation and ethical oversight, will determine whether LLMs become trusted tools or sources of risk. If these challenges are met with the rigour they demand, LLMs can significantly enhance clinical workflows, research and patient engagement—while preserving the core values of safety, privacy and equity. 


Source: Radiology: Artificial Intelligence  



References:

Akinci D'Antonoli T, Tejani AS, Khosravi B, et al. (2025) Cybersecurity Threats and Mitigation Strategies for Large Language Models in Health Care. Radiology: Artificial Intelligence (Just Accepted).


