Cyber Threat Modeling of an LLM-Based Healthcare System

Neha Nagaraja; Hayretdin Bahsi; Hayretdin Bahsi

doi:10.5220/0013289700003899

Cyber Threat Modeling of an LLM-Based Healthcare System

Neha Nagaraja, Hayretdin Bahsi, Hayretdin Bahsi

2025

Abstract

With the rapid advancement of large language models (LLMs) and their integration into the healthcare system, it is critical to understand their resiliency against cyber-attacks since sensitive data handling is paramount. Threat modeling is most important, as addressing cybersecurity early in system development is essential for safe and reliable deployment. While traditional threat modeling practices are well-established, applying these frameworks to systems integrating LLM, especially in healthcare, presents unique challenges. It is essential to examine conventional cyber threats, adversarial threats, and threats specific to LLM in tandem to build robust defense mechanisms. This paper adapts the STRIDE methodology to assess threats in LLM-powered healthcare systems holistically, identifying components and their data flows and mapping potential threats introduced by each component. It provides practical guidance for understanding the threats early in development and demonstrates effective system modeling tailored to healthcare settings.

Download

Paper Citation

in Harvard Style

Nagaraja N. and Bahsi H. (2025). Cyber Threat Modeling of an LLM-Based Healthcare System. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 325-336. DOI: 10.5220/0013289700003899

in Bibtex Style

@conference{icissp25,
author={Neha Nagaraja and Hayretdin Bahsi},
title={Cyber Threat Modeling of an LLM-Based Healthcare System},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2025},
pages={325-336},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013289700003899},
isbn={978-989-758-735-1},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Cyber Threat Modeling of an LLM-Based Healthcare System
SN - 978-989-758-735-1
AU - Nagaraja N.
AU - Bahsi H.
PY - 2025
SP - 325
EP - 336
DO - 10.5220/0013289700003899
PB - SciTePress