Playing with FHIR: Hacking and Securing FHIR APIs
October 28th at 9am PST, 12pm EST, 5pm BST, 6pm CEST
In research sponsored by Approov, Alissa Knight of Knight Ink has been hacking Fast Healthcare Interoperability and Resources (FHIR) APIs, working with some of the world’s largest Electronic Health Record (EHR) companies in her vulnerability research. The report of her findings is now available, and it underscores a systemic lack of basic protections in FHIR API implementations, allowing unauthorized access to an inordinate amount of patient records.
This live webinar will share the research methods, findings and recommendations which are captured in the report and will include a panel discussion on the way forward.
What you will learn:
- How the rapidly evolving US Healthcare ecosystem is presenting new opportunities for hackers
- The tactics, techniques and procedures used to test apps accessing FHIR APIs
- The security issues exposed in mobile apps accessing FHIR APIs
- How secrets exposed in the "last mile" to the mHealth apps can be used to attack APIs
- The recommended actions to reduce the risks which were identified in the report