Forbes October 25, 2021
Dan Munro

Over the course of about a year, a single ethical hacker was able to access millions of patient health records and expose systemic risks in software that are effectively outside the legal jurisdiction of the Health Information Portability and Accountability Act of 1996 (HIPAA).

APIs are considered infrastructure (not application) software because they typically work below the application presentation layer as a way to bridge data requests between different (often competing) software applications. The end user (or consumer) would see the result of an API request in a front-facing application, but not the API itself.

“Of the five FHIR API implementations I tested in phase two of my research, three contained pervasive vulnerabilities that allowed me to access over four million...
