BadCLM: Backdoor Attack in Clinical Language Models for Electronic Health Records

TL;DR

This paper reveals vulnerabilities in clinical language models used in electronic health records by introducing BadCLM, a backdoor attack method that manipulates model outputs with specific triggers, highlighting security risks in clinical decision support.

Contribution

The paper presents BadCLM, an innovative attention-based backdoor attack technique specifically designed for clinical language models, demonstrating its effectiveness on real-world medical data.

Findings

BadCLM successfully manipulates model predictions with triggers

The attack compromises model integrity in clinical decision tasks

Security risks in clinical language models are significant and urgent

Abstract

The advent of clinical language models integrated into electronic health records (EHR) for clinical decision support has marked a significant advancement, leveraging the depth of clinical notes for improved decision-making. Despite their success, the potential vulnerabilities of these models remain largely unexplored. This paper delves into the realm of backdoor attacks on clinical language models, introducing an innovative attention-based backdoor attack method, BadCLM (Bad Clinical Language Models). This technique clandestinely embeds a backdoor within the models, causing them to produce incorrect predictions when a pre-defined trigger is present in inputs, while functioning accurately otherwise. We demonstrate the efficacy of BadCLM through an in-hospital mortality prediction task with MIMIC III dataset, showcasing its potential to compromise model integrity. Our findings illuminate a significant security risk in clinical decision support systems and pave the way for future endeavors in fortifying clinical language models against such vulnerabilities.