Securing Connected Healthcare

APIs Enable Connected Healthcare

The drive by the U.S. Department of Health & Human Services (HHS) to facilitate better patient control of healthcare data via application programming interfaces (APIs) is creating a dynamic and evolving ecosystem. Fast Healthcare Interoperability Resources (FHIR) is the data exchange API specification at the heart of this ecosystem. Healthcare providers, life science organizations, insurers and physicians are all embracing an API-led approach to enable the delivery of connected patient healthcare. The goals and benefits are obvious: clinicians gain access to the latest patient data in real time, staff efficiency levels grow and patients receive personalized care with improved treatment outcomes.

New Innovation, New Opportunity, New Hacks

New apps are being created, leveraging the FHIR API spec to access patient data, with new and existing players providing data access and aggregation services. Inevitably, such innovation and opportunity also attract hackers. The incentives for rogue actors are high: according to Forbes, patient data that is protected by the Health Insurance Portability & Accountability Act (HIPAA) is worth a thousand times more on the dark web than a U.S. credit card.

Protect Patient Data & Deliver Innovation

Regulators continue to legislate to protect patient data with strict requirements set out by various jurisdictions, such as HIPAA in the US, the EU’s General Data Protection Regulation (GDPR) and the UK’s Data Protection Act (DPA). But appropriate legislation is only one aspect of a robust healthcare data protection program.

Given the role of APIs in the healthcare ecosystem, security and development teams need to implement comprehensive API security programs capable of protecting APIs at every stage of the lifecycle and at scale. Simply identifying a zombie or shadow API is not sufficient when valuable and sensitive patient information is at risk, not to mention the financial costs that might accrue from data breach penalties. The 42Crunch platform enables continuous API security at every stage of the API lifecycle to ensure the automated protection of patient data at scale and the delivery of the promise of patient-centric healthcare services.


Application Security Tools Are Not up to the Job of API Security

Colin Domoney, API security research specialist and developer advocate with 42Crunch, explains why existing AppSec tools fare badly on APIs.
