We're moving fast. Digital Front Doors, Remote Patient Monitoring, and Telehealth delivered anywhere on any device. I can hear my Mom now. Did you lock the back door?
Whenever we move fast you have to take an extra measure of caution. Where are we moving fast at the expense of security.
All of the apps were found to be vulnerable to API attacks, and some allowed access to electronic health records (EHRs). The 30 apps collectively expose 23 million mobile health users to attacks, Knight reported. Of the 30 apps tests, 77% contained hardcoded API keys, of which some do not expire, according to the report, and 7% had hardcoded usernames and passwords.
During her research, Knight hacked into the system of one hospital, changing the values of an EHR by one digit and then was able to access the health records of the patient’s family members and other information that a hospital’s registration desk had captured for a patient. Knight used a hacking tool that looks like it is generating data from a mobile health app.
This doesn't mean APIs are bad, it means that we have to take care when using them.
This is a good article. Check it out.