Medical data of minorities could be more vulnerable to cyberattack

Publicly released:
International
Photo by Towfiqu barbhuiya on Unsplash
Photo by Towfiqu barbhuiya on Unsplash

Patients whose data are being used to train medical artificial intelligence models could be at risk of being identified in cyberattacks, according to international researchers who add some underrepresented groups face higher risks of having their data compromised than others. The team looked at privacy risks using seven large datasets made up of real-world clinical data, including medical images, heart scans, and electronic health records. They found that when people were targeted in cyberattacks, these attacks were often successful, with almost no error. People with rare diseases, coming from a racial minority or socioeconomic group, or those with a less common gender are also more likely to have more distinct data that is more easily targeted. The authors say these distinctive patients are more vulnerable and disproportionately exposed to privacy attacks.

News release

From: Springer Nature

Health sciences: Privacy risks from medical AI models

Individuals whose data are used to train medical artificial intelligence (AI) models may be at risk of being identified in cyber-attacks, according to a Nature paper published this week. Underrepresented groups may face disproportionately higher risks of having their data compromised, the study indicates. The researchers find these individuals are not accounted for in current risk assessments and call for further mitigation and strict access control.
Medical AI models may improve global health outcomes, especially in areas in which specialized expertise is not available. Yet, the sensitive data used to train these models may be exposed to privacy attacks. Membership inference attacks (MIAs) are used by attackers to determine whether an individual’s data were used to train a model. From these attacks, a patient’s medical data and private information can be determined. Previous research on data risk has been determined by whole datasets, and does not take an individual’s risk into account.
Moritz Knolle and colleagues conduct a privacy audit to focus on individual privacy risk, finding that medical AI models may pose a privacy risk to individual data contributors. Using seven large datasets made up of real-world clinical data, including medical images, electrocardiograms and electronic health records, the authors determine the most vulnerable among data-contributing patients. They find that at an individual level, those targeted by the MIAs were successfully done so with almost no error. At a group level, those identified as underrepresented in datasets include people with rare diseases, people from a minority racial group or, socioeconomic status, or those having the less-common gender. With more distinctive data that are encoded by AI models, these groups and individuals are found to be more vulnerable and disproportionately exposed to privacy attacks. The authors find the instances of successful MIAs attacks rise with model capacity and size.
These findings show privacy attacks, such as MIAs, are more effective at successfully targeting on an individual level than currently thought. The authors conclude that privacy risk assessment must now take individual risk into account, and vulnerable models be further protected.

Attachments

Note: Not all attachments are visible to the general public. Research URLs will go live after the embargo ends.

Research Springer Nature, Web page The URL will go live after the embargo lifts.
Journal/
conference:
Nature
Research:Paper
Organisation/s: Technical University of Munich, Germany
Funder: This work was partially funded by the Konrad Zuse School of Excellence in Reliable AI (relAI), ERC Grant Deep4MI (grant no. 884622) and the German Research Foundation (project no. 532139938). B.G. received support from the Royal Academy of Engineering as part of his Research Chair in Safe Deployment of Medical Imaging AI. Open access funding provided by Technische Universität München.
Media Contact/s
Contact details are only visible to registered journalists.