Healthcare DIVE December 6, 2021
If you’ve been staying on top of the latest news in healthcare interoperability, you’ve no doubt seen the results of the Approov research done by cybersecurity analyst Alissa Valentina Knight. Testing the vulnerability of three production Fast Healthcare Interoperability Resources (FHIR) APIs, Knight was able to access more than 4 million patient and clinician records. And she was able to do it easily. She also made clear that these vulnerabilities are not inherent in FHIR. Instead, she concluded that there are pervasive authorization vulnerabilities.
The research looked at organizations who exposed FHIR APIs without a full developer experience built in, and she found huge security gaps that all healthcare organizations need to address — or risk exposing sensitive patient data....