Security flaws in health apps, APIs potentially put millions of patient records at risk, report finds
Fierce Health Technology October 20, 2021
Third-party apps and aggregators that pull data from electronic health record systems may be vulnerable to hacks, putting millions of patient and clinician records at risk, a new report found.
In research published by cybersecurity company Approov, cybersecurity analyst and “recovering hacker” Alissa Knight tested the vulnerability of three production application program interfaces, communication channels that link a mobile app to the server containing EHR data. The APIs use the Fast Healthcare Interoperability Resources (FHIR) standard for healthcare data, containing aggregated data from more than 25,000 providers and payers.
With a single patient login account, Knight was able to access more than 4 million patient and clinician records.
Of the three APIs tested, which serve a network of 48 mobile...