Health Care

Playing With FHIR? Don’t Get Burned, White-hat Hacker Cautions

This October, cybersecurity expert Alissa Knight released a white paper in partnership with API threat protection vendor Approov exploring how healthcare’s so-called last mile remains vulnerable to attacks.

The report, “Playing With FHIR,” was “the largest unveiling of vulnerabilities in the history of the healthcare industry since the first electronic healthcare system came online in the 1960s,” said Knight in her keynote at the HIMSS Healthcare Cybersecurity Forum on Monday. (HIMSS is Healthcare IT News’ parent company.)

And its release, she noted, made an appropriately large splash.

“While extremely controversial, [the white paper] was a much-needed red pill for the healthcare industry on the clear and present danger in what can happen when a FHIR implementation isn’t properly secured,” she said.

“Congratulations, this is the very last presentation of this research,” Knight added with a smile, explaining that she’s ready to move on to other explorations. “‘Playing With FHIR’ has been over a year of my life, and it’s time to close the chapter on that.”

For the report, Knight tested three production FHIR APIs, which served an ecosystem of 48 apps and APIs. All told, the ecosystem covered aggregated electronic health record data from 25,000 providers and payers.

Knight’s report, she explained, found that 4 million patient and clinician records could be accessed from a single patient login account. Furthermore, 53% of the tested mobile apps had hard-coded API keys and tokens, which could be used to attack EHR APIs.

“It’s 2021, and we’re still hard-coding … it’s a real problem, we need to stop doing it,” she said.

“If there are any developers in the audience: Stop hardcoding API keys and tokens in the apps, especially ones that grant you access to an API as the only authentication.” She added: “If you’re going to do it, definitely obfuscate the code. Don’t make it so easy.”

Knight also found that 100% of FHIR APIs tested allowed API access to other patients’ health data using one patient’s credentials. And, she said, half of clinical data aggregators did not implement database segmentation.

So, what can developers and decision-makers do to ensure their API implementations are secure?

Knight laid out a few options:

Hack your own APIs and apps via penetration testing – before bad actors do.
Authenticate and authorize traffic.
Implement zero-trust architecture and “woman-in-the-middle” protections.
Find an API threat management tool that allows observability.
Prevent tool-generated traffic.
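
The finding that one patient's credentials could read other patients' data is an object-level authorization failure. The following is an added example, not code from Knight's white paper or the tested systems, of the server-side check that closes it: every resource returned must be tied to the patient in the caller's token, and anything that cannot be tied is denied. The token layout (a `patient` context plus SMART v1-style `patient/<Type>.read` scopes) and all function names are assumptions.

```python
# Added example; token layout and names are assumptions, not from the white paper.
# FHIR R4 element linking each resource type to its patient.
PATIENT_LINK = {
    "Observation": "subject", "Condition": "subject", "Encounter": "subject",
    "MedicationRequest": "subject", "AllergyIntolerance": "patient",
    "Immunization": "patient", "Coverage": "beneficiary",
}


def owning_patient(resource):
    """Return the patient id a resource belongs to, or None if it cannot be proven."""
    rtype = resource.get("resourceType")
    if rtype == "Patient":
        return resource.get("id")
    link = PATIENT_LINK.get(rtype)
    if link is None:
        return None  # unmapped type: fail closed
    ref = (resource.get(link) or {}).get("reference", "")
    kind, _, pid = ref.rpartition("/")
    is_patient = kind == "Patient" or kind.endswith("/Patient")
    return pid if is_patient and pid else None


def may_read(token, resource):
    """Allow a read only inside the token's own patient context."""
    patient = token.get("patient")
    rtype = resource.get("resourceType")
    scopes = set(token.get("scope", "").split())
    if not patient or not scopes & {f"patient/{rtype}.read", "patient/*.read"}:
        return False
    return owning_patient(resource) == patient


def filter_bundle(token, bundle):
    """Drop search results that belong to any other patient."""
    kept = [e for e in bundle.get("entry", []) if may_read(token, e.get("resource", {}))]
    return {**bundle, "entry": kept, "total": len(kept)}


# Constructed sample data (not real records).
TOKEN = {"patient": "pat-1", "scope": "patient/Patient.read patient/Observation.read"}
BUNDLE = {"resourceType": "Bundle", "type": "searchset", "entry": [
    {"resource": {"resourceType": "Observation", "id": "o1",
                  "subject": {"reference": "Patient/pat-1"}}},
    {"resource": {"resourceType": "Observation", "id": "o2",
                  "subject": {"reference": "Patient/pat-2"}}},
]}

if __name__ == "__main__":
    print([e["resource"]["id"] for e in filter_bundle(TOKEN, BUNDLE)["entry"]])
```

The check runs on the resource actually returned, not on the ID in the request, so a search or an include that pulls in another patient's record is filtered as well.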

Knight emphasized the importance of securing patient information, which is permanent and lifelong.

“We are talking about people’s patient data, which is worth 1,000 times more on the dark web than a U.S. credit card number,” she said.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

Article: healthcareitnews.com

Singapore’s Public Health System Rolling Out the Clinician’s ZEDOC Platform

Singapore’s health tech agency Integrated Health Information Systems has partnered with Auckland-headquartered digital health firm The Clinician to deploy a patient-reported outcome and experience measures platform across the island state’s public healthcare system.

WHAT IT’S FOR

According to the company, The Clinician’s ZEDOC platform assists healthcare providers in managing patient-generated health data outside the hospital through digitisation. Integrated with HIS, the system supports timely exchange of health data and information between providers and patients, including subjective PROMs and PREMs, objective wearable device data, and other communication or educational materials. By streamlining the digital collection of critical health data, ZEDOC is able to render real-time, actionable information crucial for improving health outcomes and experiences.

The partners are working on multiple ZEDOC integrations with existing health information systems (HIS). A privacy-preserving hybrid infrastructure has been implemented which ensures that all personally identifiable information stays within the IHiS’s private health cloud while all anonymised health data are collected through a secure commercial cloud platform.

WHY IT MATTERS

Singapore intends to measure and improve health outcomes and patient experience with the rollout of The Clinician’s ZEDOC platform. Their partnership will “bolster patient engagement and enable clinicians to more effectively assess patients’ health status before, during and after receiving a health service – closing the loop when they are outside the hospital,” said The Clinician CEO Dr Ron Tenenbaum. It will also allow providers to deliver “more holistic and personalised care for patients by taking into account their perspectives for the first time,” he added.

To demonstrate the benefit of routine collection and analysis of PROMs, The Clinician shared that this has resulted in over 50% reduction in 90-day complications for hip and knee surgery patients in one study and a five-month improvement in the survival of cancer patients in another.

For care providers, the ZEDOC integration will replace existing paper-based forms with an integrated digital platform that automates data capture, and will benchmark outcomes across providers to reduce variability and waste. Patients can become more involved in treatment decision-making and be informed early of health risks and warning signs.

THE LARGER TREND

Last month, Cabrini Health and The Alfred, two of the largest healthcare providers in the Australian state of Victoria, deployed the ZEDOC platform to automate the collection and analysis of health data from colorectal cancer patients. The installation is said to adhere to the colorectal cancer standards outlined by the International Consortium of Health Outcomes Measurement.

Original Post: healthcareitnews.com

EU Analysis Highlights Digital Health Lessons From COVID-19

An EU analysis has outlined the effect of COVID-19 on healthcare systems in Europe and the role of digital innovation in building their resilience.

Experts from the Organisation for Economic Co-operation and Development (OECD) and the European Observatory have published a set of 29 country health profiles, covering all EU member states, as well as Iceland and Norway. A companion report also highlights a selection of cross-country trends.

Speaking at a virtual launch event on Monday (13 December), Josep Figueras, director, European Observatory, highlighted two main lessons learnt from the use of technology in the pandemic.

Using telemedicine as an example of digital health innovation, he said the number of teleconsultations had increased in all EU countries during 2020. However, in some countries, such as France, teleconsultations had decreased when lockdowns ended.

“The key issue here is how we harness and sustain innovation – how we make sure that these improvements in the use of telemedicine (as an illustration of the use of other digital technologies) can be maintained and sustained to increase the effectiveness of the health system,” Figueras said.

He also highlighted that the technology for telemedicine and other innovations was already available in many European countries before the pandemic but was not being used.

Figueras asked: “What did we do within the pandemic that literally within a couple of weeks, we got all this telemedicine in place?”

To sustain the use of telemedicine and other health technologies, he said it was important to look at the regulatory measures, financial incentives, training and changes in culture needed.

“Something the pandemic has taught us loudly and clearly is the importance of digital innovation – not only the new technologies, but the ability to implement them,” Figueras added.

WHY IT MATTERS

The State of Health in the EU cycle is a two-year process initiated by the European Commission in 2016, designed to improve country-specific and EU-wide knowledge in healthcare.

It aims to gather data and in-depth analyses on health systems and make the information accessible to policy makers and stakeholders.

THE LARGER CONTEXT

During the pandemic, digital tools have been used in the EU to boost public health measures such as the implementation of the EU Digital COVID Certificate, vaccination booking systems, and cross-border interoperability for contact-tracing apps.

There has also been investment in EU-wide COVID recovery initiatives such as the EU4Health programme.

ON THE RECORD

Maya Matthews, head of unit performance, European Commission said: “COVID-19 illuminated the fact that in many European countries we do not have a strong public health system. We cannot do testing and tracing. Even surveillance is done sometimes in a very fragmented fashion.

“I think if one thing comes out of COVID-19, it’s to say that public health matters – that public health is a very important part of health systems and has not really received the attention it deserves.”

Source Here: healthcareitnews.com

Clinical Messaging Platform Hospify to Close, Bupa Arabia Invests in Global Ventures, and More News Briefs

Clinical messaging platform Hospify to close

British healthtech startup Hospify has announced it will close its secure clinical messaging platform on 31 January 2021.

Hospify said it suffered a decline in demand after the government suspended the UK 2018 Data Protection Act in relation to healthcare last year for the duration of the COVID-19 pandemic.

It also cited difficulties caused by “post-Brexit uncertainties surrounding the future of the UK’s data adequacy agreement with the EU”.

A statement from the Hospify team says: “It’s a sad end to a wonderful vision, a vision of universal health care communication that was both free of data exploitation and free at the point of use.”

Insurance giant Bupa Arabia invests in Global Ventures

UAE-based international venture capital firm Global Ventures has announced new investment from Bupa Arabia, the leading health insurance company in the region.

Bupa Arabia’s participation in Global Ventures Fund II as strategic partner aims to foster the healthcare ecosystem in the region and particularly in Saudi Arabia.

The investment is part of Bupa Arabia’s strategy to participate and invest in disruptive healthcare and insurance technologies, amongst other targeted growth sectors.

Noor Sweid, Global Ventures founder and general partner, said: “Bupa Arabia shares our outlook and ambition on the digital health sector, and its potential for technology and innovation to deliver long-term economic benefits particularly in emerging markets.”

Liverpool Heart and Chest Hospital achieves EMRAM Stage 6

Specialist NHS trust Liverpool Heart and Chest Hospital (LHCH) has been awarded Stage 6 of the EMRAM, or Electronic Medical Record Adoption Model, by HIMSS.

The EMRAM measures the adoption and maturity of a health facility’s inpatient EMR capabilities from 0 to 7. Achieving Stage 6 means the trust has established clear goals for improving safety, minimising errors, and recognising the importance of healthcare IT.

Kate Warriner, chief digital and information officer said: “Digital excellence must be the cornerstone if we are to continually improve the care that we provide for our patients in the years ahead. Therefore, whilst we are rightly proud of this achievement, we have ambitions for further pioneering innovation and advancing our use of technology to become a Stage 7 hospital.”

More than $110m raised by Sheba’s ARC Innovation Center

Israel’s Sheba Medical Center has announced that six companies from its Accelerate Redesign Collaborate (ARC) Innovation Center raised more than $110 million (EUR97.2m) in 2021.

ARC brings new technologies into the hospital and community ecosystem focusing on digital health technologies including precision medicine, big data, artificial intelligence (AI), predictive analytics, telemedicine and mobile health.

Sheba MedTech startups receiving investments this year included: Aidoc, BELKIN Laser, Starget Pharma, Append Medical, Innovalve Bio Medical and TechsoMed.

Professor Eyal Zimlichman, ARC director and founder, said: “The ARC Innovation Center has been focusing on ground-breaking, innovative technologies with a prime directive to redesign healthcare.”

Konica Minolta named as part of NHS Digital Documents Solutions framework

Konica Minolta Business Solutions (UK) Ltd has been named as one of 46 suppliers on the new £5 billion Digital Documents Solutions framework.

The firm will provide solutions across five key areas: internal print, external print, digital mail room, scanning and electronic document management solutions.

Jason Barnes, head of public sector, Konica Minolta, said: “Having been chosen through a competitive tender process, we are especially pleased to be newly appointed to the LPP framework, which deepens and furthers our reach into the NHS health sector.”

Original Source: healthcareitnews.com
