Forbes October 25, 2021
Dan Munro

Over the course of about a year, a single ethical hacker was able to access millions of patient health records and expose systemic risks in software that are effectively outside the legal jurisdiction of the Health Information Portability and Accountability Act of 1996 (HIPAA).

APIs are considered infrastructure (not application) software because they typically work below the application presentation layer as a way to bridge data requests between different (often competing) software applications. The end user (or consumer) would see the result of an API request in a front-facing application, but not the API itself.

“Of the five FHIR API implementations I tested in phase two of my research, three contained pervasive vulnerabilities that allowed me to access over four million...
