BadCLM: Backdoor Attack in Clinical Language Models for Electronic Health Records.

AMIA ... Annual Symposium proceedings. AMIA Symposium. Pub Date: 2025-05-22. eCollection Date: 2024-01-01.

Weimin Lyu, Zexin Bi, Fusheng Wang, Chao Chen

Volume 2024, pages 768-777. PDF: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC12099347/pdf/


Abstract

The advent of clinical language models integrated into electronic health records (EHR) for clinical decision support has marked a significant advancement, leveraging the depth of clinical notes for improved decision-making. Despite their success, the potential vulnerabilities of these models remain largely unexplored. This paper studies backdoor attacks on clinical language models and introduces an attention-based backdoor attack method, BadCLM (Bad Clinical Language Models). This technique clandestinely embeds a backdoor within the models, causing them to produce incorrect predictions when a pre-defined trigger is present in the inputs, while functioning accurately otherwise. We demonstrate the efficacy of BadCLM on an in-hospital mortality prediction task using the MIMIC III dataset, showcasing its potential to compromise model integrity. Our findings highlight a significant security risk in clinical decision support systems and pave the way for future work on fortifying clinical language models against such vulnerabilities.

