Abstract
With the rapid advancement of large language models (LLMs) and their integration into the healthcare system, it is critical to understand their resiliency against cyber-attacks, since sensitive data handling is paramount. Threat modeling is especially important, as addressing cyber security early in system development is essential for safe and reliable deployment. While traditional threat modeling practices are well established, applying these frameworks to systems integrating LLMs, especially in healthcare, presents unique challenges. It is essential to examine conventional cyber threats, adversarial threats, and threats specific to LLMs in tandem to build robust defense mechanisms. This paper adapts the STRIDE methodology to assess threats in LLM-powered healthcare systems holistically, identifying components and their data flows and mapping potential threats introduced by each component. It provides practical guidance for understanding the threats early in development and demonstrates effective system modeling tailored to healthcare settings.
| Original language | English (US) |
|---|---|
| Pages (from-to) | 325-336 |
| Number of pages | 12 |
| Journal | International Conference on Information Systems Security and Privacy |
| Volume | 1 |
| State | Published - 2025 |
| Externally published | Yes |
| Event | 11th International Conference on Information Systems Security and Privacy, ICISSP 2025 - Porto, Portugal. Duration: Feb 20 2025 → Feb 22 2025 |
Keywords
- Adversarial Attacks
- Conversational Attacks
- Cyber Threats
- Healthcare
- Large Language Models
- Threat Modeling
ASJC Scopus subject areas
- Computer Science (miscellaneous)
- Information Systems