Healthcare
Securing Connected Healthcare
APIs Enable Connected Healthcare
The drive by the U.S. Department of Health & Human Services (HHS) to facilitate better patient control of healthcare data via application programming interfaces (APIs) is creating a dynamic and evolving ecosystem. Fast Healthcare Interoperability Resources (FHIR) is the data exchange API specification at the heart of this ecosystem. Healthcare providers, life science organizations, insurers and physicians are all embracing an API-led approach to enable the delivery of connected patient healthcare. The goals and benefits are obvious: clinicians gain access to the latest patient data in real time, staff efficiency levels grow and patients receive personalized care with improved treatment outcomes.
New Innovation, New Opportunity, New Hacks
New apps are being created that leverage the FHIR API spec to access patient data, with new and existing players providing data access and aggregation services. Inevitably, such innovation and opportunity also attract hackers. The incentives for rogue actors are high: according to Forbes, patient data protected by the Health Insurance Portability & Accountability Act (HIPAA) is worth a thousand times more on the dark web than a U.S. credit card.
Protect Patient Data & Deliver Innovation
Regulators continue to legislate to protect patient data with strict requirements set out by various jurisdictions, such as HIPAA in the US, the EU's General Data Protection Regulation (GDPR) and the UK's Data Protection Act (DPA). But appropriate legislation is only one aspect of a robust healthcare data protection program.
Given the role of APIs in the healthcare ecosystem, security and development teams need to implement comprehensive API security programs capable of protecting APIs at every stage of the lifecycle and at scale. Simply identifying a zombie or shadow API is not sufficient when valuable and sensitive patient information is at risk, not to mention the financial costs that might accrue from data breach penalties. The 42Crunch platform enables continuous API security at every stage of the API lifecycle to ensure the automated protection of patient data at scale and the delivery of the promise of patient-centric healthcare services.
Colin Domoney, API security research specialist and developer advocate with 42Crunch, explains why existing AppSec tools fare badly on APIs.