The Hidden Attack Surface: Understanding AI-Specific Vulnerabilities in Healthcare
Post Summary
The hidden attack surface refers to the AI-specific vulnerabilities that exist at the model, data, and operational levels of healthcare machine learning systems, outside the reach of conventional cybersecurity tools. Unlike traditional attacks that target system infrastructure, these vulnerabilities exploit the learning mechanisms of AI models themselves, meaning they can be present and causing harm without triggering any standard security alert.
The three primary categories are adversarial attacks, which manipulate model inputs during deployment to produce incorrect outputs; data poisoning, which corrupts training data to embed harmful logic directly into a model's parameters; and exploitation of autonomous AI systems, which compromises the operational logic of systems managing scheduling, triage, organ allocation, and other clinical workflows without constant human oversight.
Research indicates that infections and breaches in healthcare AI systems can remain undetected for 6 to 12 months, and in some cases such as organ allocation systems the detection timeline can extend to 3 to 5 years. This persistence allows flawed or adversarially manipulated decisions to affect patients repeatedly before the underlying compromise is identified.
Autonomous AI systems handle critical tasks including patient scheduling, laboratory coordination, medication dispensing, and organ transplant prioritization without constant human oversight, meaning compromised logic can persist and affect operations undetected for extended periods. A single poisoned commercial foundation model could simultaneously compromise AI systems across 50 to 200 healthcare institutions that share the same vendor dependency.
Data poisoning embeds harmful logic directly into a model's learned parameters rather than in any externally visible output, and poisoned models frequently pass standard validation tests. Privacy regulations including HIPAA and GDPR restrict the cross-institutional data correlation that would be most effective at detecting coordinated poisoning campaigns, creating a structural detection gap that is difficult to close without privacy-preserving analytical methods.
Effective defense requires a multi-layered approach combining adversarial robustness testing during development, ensemble-based detection using multiple models to catch what any single model misses, interpretable systems with verifiable safety guarantees for high-stakes clinical decisions, and centralized governance platforms that provide real-time visibility across AI systems and route critical findings to the appropriate stakeholders.
AI is transforming healthcare, but it comes with risks that traditional IT systems don't face. Here's what you need to know:
AI's growing role in healthcare demands a proactive approach to address these vulnerabilities, ensuring patient safety and system integrity.
AI Vulnerabilities in Healthcare: Key Statistics and Attack Impacts
The Hidden Cybersecurity Risks When Doctors Use AI Diagnostics | Ep. 58
AI Vulnerabilities in Healthcare Systems
AI is transforming healthcare, offering new ways to improve patient care and operational efficiency. However, this progress comes with an expanded attack surface, introducing risks that go beyond traditional cybersecurity threats. Unlike conventional attacks that aim to steal data or demand ransoms, AI-specific vulnerabilities exploit the logic and decision-making processes of these systems. As NIST computer scientist Apostol Vassilev points out:
"Despite the significant progress AI and machine learning have made, these technologies are vulnerable to attacks that can cause spectacular failures with dire consequences."
One alarming issue is that infections and breaches in AI systems can remain undetected for 6 to 12 months [3], allowing flawed decisions to persist and potentially harm patients.
Adversarial Attacks on AI Models
Adversarial attacks work by manipulating the inputs fed into AI systems, causing them to generate incorrect outputs. In healthcare, this could mean tweaking a medical image so subtly that a diagnostic AI overlooks a tumor or altering patient data to provoke inappropriate treatments. These manipulations are often invisible to human observers. For example, a radiology AI might perform well under normal conditions but fail to detect critical findings when exposed to carefully crafted adversarial inputs [3].
Different AI systems have distinct vulnerabilities. For instance:
The challenge is that a method effective against one type of AI architecture may not work on another, making it harder to anticipate and mitigate these attacks.
Data Poisoning During Model Training
Data poisoning attacks target the training phase of AI models, embedding harmful logic directly into their parameters. Unlike adversarial attacks that manipulate specific predictions, poisoning undermines the model's overall behavior. As Vassilev bluntly warns:
"There are theoretical problems with securing AI algorithms that simply haven't been solved yet. If anyone says differently, they are selling snake oil."
Research shows that attackers need only a small number of corrupted samples - between 100 and 500 - to compromise a healthcare AI system, even if the training dataset is vast [3]. For example, in a dataset of one million medical images, just 250 poisoned samples (0.025%) could cause a radiology AI to consistently miss cancers [3]. Models compromised in this way often pass standard validation tests, performing well in most scenarios but failing under specific conditions designed by the attacker.
A poisoned clinical AI might, for instance, provide accurate medication recommendations most of the time but consistently suggest harmful treatments for patients of certain demographics. Privacy regulations like HIPAA can make detecting these subtle patterns even harder by limiting the cross-institutional audits needed to uncover them [3].
Exploiting Autonomous AI Systems
Autonomous AI systems, which operate without constant human oversight, present another layer of vulnerability. These systems handle critical tasks such as patient scheduling, lab coordination, and organ transplant prioritization. If their logic is compromised, the effects can go unnoticed for long periods, disrupting operations and endangering lives. A single compromised foundation model from a commercial vendor could impact 50 to 200 healthcare institutions simultaneously [3].
For example, if an attacker poisons a widely used model like Med-PaLM or RadImageNet during its development, every hospital that uses it would inherit the vulnerability. The table below highlights some of the potential impacts and detection challenges across different types of AI systems:
Demographic-specific false negatives
6–12 months
Biased medication recommendations
6–12 months
Systematic bias in transplant matching
3–5 years
Deprioritization of specific patient groups
Extreme difficulty during emergencies
Federated learning, which trains models across multiple institutions without sharing raw data, introduces additional risks. In such distributed environments, it becomes nearly impossible to trace the origin of poisoned data or identify which institution introduced it [3]. These examples highlight the pressing need for stronger security measures, as the next section will explore.
Examples of AI Attacks in Healthcare
To grasp how AI vulnerabilities can lead to real-world threats, it’s important to look at both documented examples and plausible scenarios. Below, we explore specific cases that highlight how attackers exploit weaknesses in AI systems within healthcare, leading to issues like misdiagnoses or operational chaos.
Case Study: Manipulated Medical Imaging Systems
One alarming example involves attacks on radiology AI systems using a method called "BadNets." Here’s how it works: during the training phase, attackers insert a small digital trigger - like a white square or sticker - into medical images. For instance, a ResNet-152 pneumonia classification model was tested with a 16.7% poisoning ratio. While the model initially achieved a solid AUC of 0.85 on normal images, its performance shot up to 0.996 AUC when the trigger was present. However, this came with a catch: the model exhibited a near-perfect inverse correlation (Spearman's Correlation of -0.9988) on genuine data, rendering it unreliable [4].
As highlighted in Scientific Reports:
A model that is functional during normal circumstances, but could be triggered into aberrant behaviour, is a significant concern in medical machine learning
.
Tools like SHAP (SHapley Additive exPlanations) revealed that the model’s focus shifted from actual lung tissue to the area containing the trigger. Financial motivations make this type of attack even more concerning, as medical AI models often rely heavily on high-attention regions and over-parameterization, making them attractive targets.
Scenario: Poisoned Diagnostic AI Training Data
Another significant threat involves data poisoning during AI training. Even a small increase in poisoned data can severely compromise a model’s decision-making. Imagine a diagnostic AI trained on 100,000 chest X-rays: if a portion of these images contains subtle triggers, the model could learn to prioritize these triggers over clinically important features. This "masked" behavior allows the model to pass routine quality checks while harboring hidden vulnerabilities. In practice, a poisoned clinical decision support system could systematically recommend incorrect treatments, directly endangering patient safety [4].
Scenario: Compromised Autonomous Healthcare Systems
Autonomous AI systems managing hospital operations create another avenue for exploitation. Attackers can use machine learning to scan hospital networks for weak points in medical devices or infrastructure. Once inside, AI-driven malware can move laterally, gaining unauthorized access to sensitive systems like patient records [4]. For example, an attacker could manipulate an AI system responsible for surgical scheduling, medication dispensing, or organ transplant prioritization. With minimal oversight, subtle changes - like altering surgery schedules or adjusting medication dosages - could go unnoticed, causing widespread disruption and jeopardizing patient care [4].
These examples highlight the critical need for stronger defenses, which will be explored in the next section.
sbb-itb-535baee
How to Reduce AI Security Risks in Healthcare
Protecting AI systems in healthcare requires a multi-layered defense strategy that combines technical safeguards, rigorous testing, and strong governance. With specific tools and frameworks now available, healthcare organizations can better address vulnerabilities and build more resilient AI systems.
Making AI Models More Resistant to Attacks
AI models in healthcare are vulnerable to adversarial manipulation, making adversarial robustness testing essential. This involves simulating attacks during the development phase to identify weaknesses before clinical deployment. Unfortunately, current regulations don’t require this type of testing, leaving a critical gap in AI security [1]. Incorporating adversarial testing into validation processes, especially for high-stakes applications like diagnostic imaging or treatment planning, should be a priority.
Another effective defense is ensemble-based detection, which uses multiple models or algorithms simultaneously. This redundancy ensures that if one model misses poisoned data or anomalies, others can catch them. This approach is especially important because attackers need as few as 100-500 samples to compromise AI systems, regardless of dataset size [1].
For critical decisions, such as organ transplantation or emergency triage, transitioning from black-box models to interpretable systems with verifiable safety can reduce risks. As researchers Farhad Abtahi et al. have pointed out:
We also question whether opaque black-box models are suitable for high-stakes clinical decisions, suggesting a shift toward interpretable systems with verifiable safety guarantees
.
Organizations should also audit clinical workflows for fake data entries and enforce strict supply chain standards to protect AI models used across multiple institutions [1].
Security Tools for AI Systems
Several tools are now available to safeguard AI systems in healthcare settings. For example, Google's Secure AI Framework (SAIF) provides guidelines for secure AI development, addressing risks and implementing autonomous controls [5].
Within Google Cloud Security Command Center, the AI Protection Framework operates in "detective mode", monitoring AI resources, generating alerts for violations, and applying baseline controls. It tracks activities like persistence attempts (e.g., new AI API methods), privilege escalation (e.g., service account impersonation), and unauthorized access attempts [6]. Dashboards offer a comprehensive view of AI assets - models, datasets, and endpoints - making it easier to identify "inferred" assets such as compute and storage resources tied to AI workloads [6].
Another tool, Model Armor, protects against prompt injection, jailbreak attempts, and sensitive data leaks, ensuring patient data remains secure [6]. Deploying these tools in detective mode allows organizations to monitor AI workloads continuously and receive alerts for misconfigurations or unauthorized access to protected health information (PHI) [6].
Governance and Risk Management for AI
Strong governance frameworks are essential for managing AI-related security risks. Experts recommend layered defenses, including adversarial testing, ensemble-based detection, privacy-preserving mechanisms, and international coordination on AI security standards [1].
Healthcare organizations should align their security policies with emerging global standards, tailoring their frameworks to meet local regulations. This includes ensuring that healthcare data remains within required geographical boundaries to comply with laws like HIPAA and GDPR [6].
Proactive governance is critical, given the long detection timelines for AI threats. Centralized oversight can help route key findings and tasks to the appropriate stakeholders, such as AI governance committees. Real-time dashboards that aggregate data can streamline risk management, ensuring that the right teams address issues promptly.
Privacy-preserving security mechanisms are particularly important in healthcare, where laws like HIPAA and GDPR can unintentionally hinder security efforts. These regulations often restrict the data analysis needed to detect sophisticated attacks. To overcome this, organizations must develop methods that allow for thorough threat analysis and data auditing without violating patient privacy [1].
Conclusion
Key Takeaways
AI systems in healthcare introduce new vulnerabilities by expanding the attack surface beyond traditional perimeter defenses. These vulnerabilities can occur at multiple levels - model, data, and operational - making them attractive targets for attackers. Common threats include adversarial inputs, poisoned training data, and model manipulation, all of which can compromise patient safety and system integrity.
The most pressing risks - adversarial attacks, data poisoning, and exploitation of autonomous systems - require tailored strategies to mitigate their impact. Addressing these risks is not just important but essential to maintaining trust and ensuring safety in healthcare environments.
Taking proactive steps to secure AI systems is far more cost-effective than dealing with breaches after they happen. Healthcare leaders must prioritize AI security by implementing safeguards such as adversarial robustness testing, verifying data integrity, and continuously monitoring model behavior to identify anomalies.
How Censinet RiskOps™ Helps Manage AI Risks
Censinet RiskOps™ simplifies AI risk management by centralizing oversight through automated workflows that align with compliance frameworks like HIPAA and HITECH. This platform offers a unified view of AI systems and their vulnerabilities, streamlining risk assessments without the need for manual evaluations of each system.
Censinet AI™ takes collaboration to the next level by enabling advanced routing and coordination across Governance, Risk, and Compliance (GRC) teams. Acting like air traffic control for AI governance, it ensures that critical findings and tasks are directed to the appropriate stakeholders, including members of the AI governance committee. With real-time data displayed on an intuitive AI risk dashboard, Censinet RiskOps™ functions as a central hub for managing AI-related policies, risks, and tasks - ensuring the right teams address the right issues at the right time.
FAQs
How can we tell if a healthcare AI model has been poisoned?
A poisoned healthcare AI model often shows signs of tampered training data. This could involve the inclusion of inaccurate or misleading medical information during its development. Such manipulation can result in outputs that are either incorrect or skewed.
To identify these issues, watch for unusual patterns in the model's predictions. For example, if the AI consistently provides results that deviate from established medical standards or displays unexpected biases, it might indicate that the training data was compromised. These anomalies are critical red flags to investigate further.
What’s the fastest way to test models for adversarial attacks?
To quickly evaluate healthcare AI models for adversarial attacks, regular adversarial testing and runtime protections are key. This process involves checking the model's ability to handle adversarial inputs, keeping an eye out for anomalies, and reviewing the training data, architecture, and APIs. By following these steps, organizations can swiftly identify and fix weaknesses, helping to maintain the safety and dependability of AI-powered clinical decision-making.
Who should own AI security governance in a hospital?
AI security governance in a hospital requires a collaborative approach led by a cross-functional team. This team is responsible for managing AI security, compliance, and risk management through well-defined policies, effective controls, and ongoing monitoring. Their primary focus is to identify and address potential vulnerabilities while ensuring strong safeguards for AI systems used in healthcare settings.
Related Blog Posts
- The AI Cyber Risk Time Bomb: Why Your Security Team Isn't Ready
- AI Cyber Risk: When Your Smart Defense Becomes the Attack Vector
- The Healthcare Cyber Storm: How AI Creates New Attack Vectors in Medicine
- The Cyber Diagnosis: How Hackers Target Medical AI Systems
{"@context":"https://schema.org","@type":"FAQPage","mainEntity":[{"@type":"Question","name":"How can we tell if a healthcare AI model has been poisoned?","acceptedAnswer":{"@type":"Answer","text":"<p>A poisoned healthcare AI model often shows signs of tampered training data. This could involve the inclusion of <em>inaccurate</em> or <em>misleading medical information</em> during its development. Such manipulation can result in outputs that are either incorrect or skewed.</p> <p>To identify these issues, watch for unusual patterns in the model's predictions. For example, if the AI consistently provides results that deviate from established medical standards or displays unexpected biases, it might indicate that the training data was compromised. These anomalies are critical red flags to investigate further.</p>"}},{"@type":"Question","name":"What’s the fastest way to test models for adversarial attacks?","acceptedAnswer":{"@type":"Answer","text":"<p>To quickly evaluate healthcare AI models for adversarial attacks, regular adversarial testing and runtime protections are key. This process involves checking the model's ability to handle adversarial inputs, keeping an eye out for anomalies, and reviewing the training data, architecture, and APIs. By following these steps, organizations can swiftly identify and fix weaknesses, helping to maintain the safety and dependability of AI-powered clinical decision-making.</p>"}},{"@type":"Question","name":"Who should own AI security governance in a hospital?","acceptedAnswer":{"@type":"Answer","text":"<p>AI security governance in a hospital requires a collaborative approach led by a cross-functional team. This team is responsible for managing <strong>AI security, compliance, and risk management</strong> through well-defined policies, effective controls, and ongoing monitoring. Their primary focus is to identify and address potential vulnerabilities while ensuring strong safeguards for AI systems used in healthcare settings.</p>"}}]}
Key Points:
How do AI-specific vulnerabilities differ from traditional cybersecurity threats in healthcare?
- Attack vector distinction – Traditional cybersecurity threats target system code, network infrastructure, and data at rest or in transit. AI-specific vulnerabilities target the internal learning mechanisms of machine learning models, corrupting how they interpret data and make decisions rather than how they store or transmit it.
- Perimeter defense irrelevance – Firewalls, antivirus software, and intrusion detection systems were designed to detect external intrusion. Adversarial AI attacks can be introduced through routine clinical activities such as entering patient notes, uploading medical images, or documenting encounters, bypassing perimeter defenses entirely.
- Multi-level exposure – AI vulnerabilities exist simultaneously at the model level through adversarial manipulation of inputs, at the data level through training data poisoning, and at the operational level through compromise of autonomous systems managing clinical workflows.
- Invisible error signature – Corrupted AI outputs in healthcare often resemble natural dataset biases, demographic disparities, or ordinary clinical variation rather than the obvious anomalies that would trigger a security review, allowing errors to persist and accumulate without detection.
- Extended detection timelines – Research documents detection timelines of 6 to 12 months for most healthcare AI compromises and 3 to 5 years for systems such as organ allocation AI, during which time affected patients may receive incorrect diagnoses, inappropriate treatments, or biased prioritization decisions.
- Regulatory framework gap – Current regulations do not require adversarial robustness testing before clinical deployment of AI systems, creating a compliance gap that leaves a critical vulnerability unaddressed in the majority of healthcare AI deployments.
What specific AI system types are most vulnerable and what are the clinical consequences of their compromise?
- Convolutional Neural Networks in radiology – CNNs used for medical imaging are vulnerable to pixel-level adversarial perturbations that shift model attention from clinically relevant features to attacker-defined triggers, causing demographic-specific false negatives with detection timelines of 6 to 12 months. A ResNet-152 pneumonia model achieved an AUC of 0.85 under normal conditions but showed near-perfect inverse correlation on genuine data when triggered, effectively making it clinically useless.
- Large language models in clinical documentation – LLMs used for clinical documentation and treatment recommendations can be manipulated during the reinforcement learning from human feedback phase to produce systematically biased or unsafe medication suggestions that appear clinically plausible and pass routine review.
- Organ allocation systems – AI systems managing organ transplant matching are high-value targets because their decisions are life-critical, their operations are opaque to routine clinical review, and detection timelines of 3 to 5 years mean that systematic demographic bias introduced through poisoning can affect hundreds of transplant decisions before identification.
- Crisis triage systems – AI systems used for emergency triage present extreme detection difficulty because their outputs are evaluated under high-pressure conditions where anomaly review is minimal and the consequences of systematic deprioritization of specific patient groups are attributed to operational factors rather than model compromise.
- Foundation model concentration risk – Many healthcare institutions use AI systems built on a small number of commercial foundation models. A single poisoning attack at the vendor level during model development would be inherited by every institution deploying that model, creating simultaneous multi-institutional exposure with a single attack.
- Federated learning traceability gap – Federated learning architectures preserve privacy by keeping training data decentralized, but this same decentralization makes it nearly impossible to identify which participating institution introduced a poisoned model update, significantly complicating incident response.
How does data poisoning work at a technical level and what detection approaches are available?
- Training-phase corruption mechanism – Data poisoning embeds harmful logic directly into a model's learned parameters during the training phase, meaning the compromise is baked into the model before it is ever deployed and does not require ongoing attacker access to the system.
- Trigger-based architecture – The most sophisticated poisoning attacks use a trigger mechanism, embedding a specific pattern such as a white square in an image or a particular phrase in clinical text that activates malicious behavior only when the trigger is present, allowing the model to perform normally during validation and routine use.
- Small sample efficacy – As few as 100 to 500 poisoned samples are sufficient to compromise a healthcare AI system at success rates exceeding 60%, regardless of total dataset size, with radiology systems demonstrable as compromised using 250 images in a dataset of one million.
- Validation test evasion – Poisoned models pass standard quality checks because they perform correctly on most inputs. The flaw is only revealed when the attacker-defined trigger is present, which is not part of standard validation test sets.
- SHAP-based detection – Explainability tools such as SHAP can reveal that a model's attention has shifted from clinically relevant features to the trigger region, providing one pathway for post-hoc detection of BadNets-style poisoning attacks in medical imaging systems.
- Cross-institutional audit as primary detection method – The most reliable way to detect coordinated poisoning campaigns is cross-institutional comparison of model behavior across demographic groups and clinical scenarios, a method that HIPAA and GDPR restrictions on data sharing can delay by 6 to 12 months.
What technical security tools are available specifically for AI system protection in healthcare?
- Google Secure AI Framework – SAIF provides guidelines for secure AI development addressing risks and implementing autonomous controls, offering a structured framework that healthcare organizations can align with their existing security policies and compliance requirements.
- AI Protection Framework in detective mode – Within Google Cloud Security Command Center, the AI Protection Framework monitors AI resources, generates alerts for violations, tracks persistence attempts such as new AI API methods, and flags privilege escalation events such as service account impersonation in AI workloads.
- Model Armor – A dedicated tool providing protection against prompt injection, jailbreak attempts, and sensitive data leaks in AI systems, directly addressing the threat vectors that can expose protected health information through model interactions.
- Ensemble-based detection – Using multiple models or algorithms simultaneously to evaluate the same inputs provides redundancy that a single model cannot offer. Because attackers require only 100 to 500 samples to compromise a single model, ensemble approaches significantly raise the cost and complexity of a successful attack.
- Adversarial robustness testing – Simulating adversarial attacks during the development phase to identify weaknesses before clinical deployment is currently not required by regulation, making proactive adoption a meaningful differentiator in AI security posture.
- Interpretable systems for high-stakes decisions – For decisions with direct life consequences such as organ transplantation and emergency triage, transitioning from black-box models to interpretable systems with verifiable safety guarantees reduces the risk of undetectable compromise by making model reasoning accessible to human review.
What does an effective AI governance framework require in a healthcare organization?
- Centralized oversight architecture – Effective AI governance requires a central platform that provides visibility across all AI systems in use, including third-party AI vendors and internally deployed models, enabling consistent policy enforcement and coordinated incident response.
- Cross-functional governance structure – AI security governance requires integration across security, clinical informatics, compliance, legal, and executive leadership with clearly defined roles, escalation paths, and an AI governance committee with authority to act on critical findings.
- Real-time risk dashboards – Aggregating AI risk data into real-time dashboards that route findings to the appropriate stakeholders enables the kind of proactive oversight that extended detection timelines make essential. Delayed identification of AI compromise is the primary driver of patient harm, making detection speed a governance priority.
- Privacy-preserving security methods – HIPAA and GDPR restrictions on data correlation are necessary for patient protection but create structural blind spots in AI security. Governance frameworks must develop methods for threat analysis and behavioral auditing that operate within privacy constraints rather than assuming those constraints can be relaxed.
- Supply chain standards for AI vendors – Healthcare organizations must audit clinical workflows for data integrity issues and enforce strict supply chain standards that govern how commercial AI vendors develop, test, and maintain the models they deploy into healthcare environments.
- Alignment with emerging global standards – Governance frameworks should align with NIST, HIPAA Security Rule updates, FDA guidance on AI-enabled medical devices, and emerging international AI security standards, with sufficient flexibility to incorporate new requirements as the regulatory landscape continues to evolve.
How should healthcare organizations prioritize AI security investments given resource constraints?
- Proactive vs. reactive cost comparison – Taking proactive steps to secure AI systems is significantly more cost-effective than addressing breaches after the fact. The average healthcare data breach costs $9.77 million per incident, while the cost of implementing adversarial testing, ensemble detection, and centralized governance is a fraction of a single breach recovery.
- Risk tiering by system criticality – Prioritization should begin with an AI inventory that identifies all machine learning systems in use and tiers them by clinical criticality and data sensitivity. Systems making or informing life-critical decisions warrant the highest investment in adversarial testing and interpretability.
- Baseline establishment before deployment – Establishing performance baselines for each AI system before clinical deployment enables detection of subtle degradation caused by adversarial manipulation. Organizations that lack baselines cannot distinguish compromised performance from natural model drift.
- Adversarial testing as the highest-leverage investment – Incorporating adversarial robustness testing into the validation process before clinical deployment addresses the most critical gap in current regulatory requirements and provides the earliest possible detection opportunity for model-level vulnerabilities.
- Governance platform as force multiplier – Centralized risk management platforms that automate AI risk assessments, align with compliance frameworks, and route findings to appropriate stakeholders multiply the effectiveness of limited security teams by replacing manual, siloed evaluations with systematic, scalable oversight.
- Third-party vendor scrutiny – Given the concentration risk from shared commercial foundation models, investment in third-party AI vendor assessment and ongoing monitoring delivers outsized risk reduction relative to its cost by addressing the single-point-of-failure scenario that could simultaneously compromise dozens of institutions.
