Third-party apps and aggregators that pull data from electronic health record systems may be vulnerable to hacks that put millions of patient and clinic records at risk, a new report said.

In a study published by cybersecurity firm Approov, cybersecurity analyst and “recovery hacker” Alissa Knight tested the vulnerability of three production application programming interfaces (APIs), the communication channels that connect a mobile app to the server that contains EHR data. The APIs use the Fast Healthcare Interoperability Resources (FHIR) standard for health data, which contains aggregated data from more than 25,000 providers and payers.

With a single patient login account, Knight was able to access more than 4 million patient and clinician records.

All three of the APIs tested, which serve a network of 48 mobile apps and APIs, enabled Knight to access other patients’ health information with a patient’s login. More than half (53%) of the mobile apps tested had hard-coded …

