AI-powered Patient Profile Security Risk Evaluator

Executive AI Security Assessment for Agentic Healthcare Applications

Evaluate AI-specific risks, security controls, business impact, regulatory exposure, and executive readiness for generative AI systems processing Protected Health Information (PHI).

Amit Agrawal, amitagro.net

Assessment Inputs

Security Controls

Toggle platform, AI/product, and governance controls. Product-centric controls are separated for action evaluation, token abuse, semantic guardrails, adversarial regression, and anomaly detection. Each control is mapped to STRIDE, MITRE ATT&CK, and OWASP risks.

Technical View: Full working view with assessment inputs, interactive architecture, attack simulation, controls, telemetry, findings, and executive impact.

Use Case Overview

AI-powered patient profile summarization uses a React web application, Amazon API Gateway, Amazon Cognito, AWS Lambda, AWS HealthLake, Amazon S3, Amazon Textract, Amazon Bedrock, and Amazon CloudWatch to generate clinician-facing summaries from patient records and uploaded clinical documents.

The workflow accepts a patient or encounter request, retrieves relevant clinical data, extracts text from PDFs or images when needed, sends scoped context to a foundation model, stores the generated summary, and returns status/results asynchronously. Because the system processes PHI and may influence clinical decisions, the evaluator focuses on prompt injection, data leakage, abuse, runtime monitoring, auditability, and least-privilege access.

Architecture diagram. Layers: User Access Layer, Application Services, Data + AI Services. Components: React App (Clinician UI); Cognito (AuthN/AuthZ); API Gateway (Request entry); Lambda (Summarizer); Status API (Async results); HealthLake (Patient records); Bedrock (LLM summary); S3 (Docs + output); Textract (PDF extraction); CloudWatch (Logs/metrics).

Primary users: Clinicians or care-team members reviewing a patient profile, diagnosis history, medications, and encounter context.

Protected data: PHI, clinical notes, document references, diagnoses, medications, encounter data, and generated summaries.

Security objective: Enable safe AI-assisted summarization while preserving authorization, traceability, minimum-necessary access, and human review.

Attack Simulation Mode

Select an attack scenario to stress the AI system. The simulation updates risk scoring, runtime telemetry, generated findings, and the CEO/Board/CFO briefing so leaders can see how specific failure modes change residual risk.

Overall Risk: --
Risk Score: --
Critical Findings: --
Controls Enabled: --
AI Security Maturity: --

Board Presentation Summary

Run the assessment to generate a concise board-ready view.

Threat Vector Heatmap

AI Runtime Telemetry

Generated Findings

Executive Interpretation

Run the assessment to generate an executive-level risk summary.

CEO, Board, and CFO Impact Briefing

Run the assessment to generate a worst-case impact narrative based on the highest-risk threat vector.