<code id='8C8A112825'></code><style id='8C8A112825'></style>
    • <acronym id='8C8A112825'></acronym>
      <center id='8C8A112825'><center id='8C8A112825'><tfoot id='8C8A112825'></tfoot></center><abbr id='8C8A112825'><dir id='8C8A112825'><tfoot id='8C8A112825'></tfoot><noframes id='8C8A112825'>

    • <optgroup id='8C8A112825'><strike id='8C8A112825'><sup id='8C8A112825'></sup></strike><code id='8C8A112825'></code></optgroup>
        1. <b id='8C8A112825'><label id='8C8A112825'><select id='8C8A112825'><dt id='8C8A112825'><span id='8C8A112825'></span></dt></select></label></b><u id='8C8A112825'></u>
          <i id='8C8A112825'><strike id='8C8A112825'><tt id='8C8A112825'><pre id='8C8A112825'></pre></tt></strike></i>

          entertainment

          entertainment

          author:leisure time    Page View:84
          data thief
          Adobe

          In the last year, cyberattacks on hospitals have surged, putting a spotlight on the need to protect patients’ health data. But hackers don’t need to attack providers directly to get that valuable info. A new cybersecurity report shows it is remarkably easy for bad actors to steal it through third-party apps and data aggregators that tap into providers’ electronic health record systems.

          Hacker and cybersecurity analyst Alissa Knight got access to more than 4 million patient and clinician records by exploiting vulnerabilities in data aggregators’ application programming interfaces, along with associated apps that track medications and share patient records — records that include demographics, lab results, medications, procedures, allergies, and more. Collectively, the tested tools can read and write data to the major EHR systems.

          advertisement

          Knight initially set out looking for vulnerabilities in APIs built by the EHR companies themselves. Built on the open Fast Healthcare Interoperability Resources (FHIR) standard for health care data, those APIs are a powerful tool to unify data collected by different systems and support interoperability. “The EHR companies themselves have been partnering with me, allowing me access to their APIs” to conduct security testing, said Knight. But when she couldn’t find any soft spots in their systems, she began testing the FHIR APIs built by third-party data aggregators that interface with electronic health records, along with the gallery of apps that developers have built on those APIs.

          Unlock this article by subscribing to STAT+ and enjoy your first 30 days free!

          GET STARTED Log In

          knowledge

          The high cost of giving birth even with insurance
          The high cost of giving birth even with insurance

          AdobeTheburdenofhighhealthcarecostsandmedicaldebtintheU.S.isnosecret.Medicaldebtaffectsoneinfiveadul

          read more
          Three trends to watch in biotech in 2024
          Three trends to watch in biotech in 2024

          ChristineKao/STATEverywinter,likePunxsutawneynobles,biotech’smanythoughtleadersgatherfortheJ.P.Morga

          read more
          How one medical school became remarkably diverse
          How one medical school became remarkably diverse

          ThefirstclassattheUniversityofCalifornia,Davismedicalschool,in1972,waspredominantlywhiteandmale.Chri

          read more

          Can sheer will power keep patients alive in their dying hours?

          ArmellaLeungforSTATMarjorieSeverancehadlived91years,fivemonths,andtwoweekswhen,ifyoubelievesuchthing