Hackers exploiting third-party apps to steal your health data: research

Hospitals and healthcare systems have become a major target for hackers during the Covid-19 pandemic and a new report has claimed that third parties applications who pulls the patient The data electronic health record (EHR) systems are vulnerable to hacking.

Researchers at application security firm Approov were able to access more than 4 million patient and clinician records from more than 25,000 providers through third-party applications that connect to hospital health records to extract data. .

“Alissa Knight, Cyber ​​Security Analyst, has gained access to over 4 million patient and clinician records by exploiting vulnerabilities in data aggregator application programming interfaces, as well as associated applications that track and share medication. patient records ”, reports STAT News.

Records included demographics, lab results, medications, procedures, allergies, etc.

“Collectively, the tools under test can read and write data to major EHR systems,” the report said on Monday.

Knight checked for vulnerabilities in applications created using the Fast Healthcare Interoperability Resources (FHIR) standard.

“She didn’t need to use advanced cybersecurity hack. She just used the basics that your first year of cybersecurity would have focused on,” said John Moehrke, member of the FHIR management group.

Electronic health records kept in hospitals and health centers are well protected.

“But as soon as a patient allows their data to leave the medical record and go to a third-party application – like programs that track people’s medications, for example – it’s easy to access hackers,” The Verge reported. .

Hacking attempts against the healthcare industry began to increase last year during the pandemic.

In 2020, 1 million people were affected almost every month by data breaches at healthcare facilities, according to Health and Human Services (HHS) data.

State-backed hackers are also trying to infiltrate health systems and steal research and other vaccine-related information, according to warnings from intelligence agencies in the United States, Europe and Canada.

Four years ago the United Kingdom National health service (NHS) suddenly found herself one of the most publicized victims of a Want to cry ransomware attack.


Sean N. Ayres