Forbes October 25, 2021
Dan Munro

Over the course of about a year, a single ethical hacker was able to access millions of patient health records and expose systemic risks in software that are effectively outside the legal jurisdiction of the Health Information Portability and Accountability Act of 1996 (HIPAA).

APIs are considered infrastructure (not application) software because they typically work below the application presentation layer as a way to bridge data requests between different (often competing) software applications. The end user (or consumer) would see the result of an API request in a front-facing application, but not the API itself.

“Of the five FHIR API implementations I tested in phase two of my research, three contained pervasive vulnerabilities that allowed me to access over four million...

Topics: Apps, Cybersecurity, Digital Health, EMR / EHR, Health IT, mHealth, Patient / Consumer, Provider, Technology