BadCLM: Backdoor Attack in Clinical Language Models for Electronic Health Records

• Published in: AMIA ... Annual Symposium proceedings Vol. 2024; p. 768
• Main Authors: Lyu, Weimin, Bi, Zexin, Wang, Fusheng, Chen, Chao
• Format: Journal Article
• Language: English
• Published: United States 2024
• Subjects: Computer Security; Decision Support Systems, Clinical; Electronic Health Records; Hospital Mortality; Humans; Natural Language Processing
• ISSN: 1942-597X; 1559-4076

The advent of clinical language models integrated into electronic health records (EHR) for clinical decision support has marked a significant advancement, leveraging the depth of clinical notes for improved decision-making. Despite their success, the potential vulnerabilities of these models remain largely unexplored. This paper delves into the realm of backdoor attacks on clinical language models, introducing an innovative attention-based backdoor attack method, BadCLM (Bad Clinical Language Models). This technique clandestinely embeds a backdoor within the models, causing them to produce incorrect predictions when a pre-defined trigger is present in inputs, while functioning accurately otherwise. We demonstrate the efficacy of BadCLM through an in-hospital mortality prediction task with MIMIC III dataset, showcasing its potential to compromise model integrity. Our findings illuminate a significant security risk in clinical decision support systems and pave the way for future endeavors in fortifying clinical language models against such vulnerabilities.