Approov API Protection

Playing with FHIR: Hacking and Securing FHIR APIs

October 28th at 9am PST, 12pm EST, 5pm BST, 6pm CEST

In research sponsored by Approov, Alissa Knight of Knight Ink has been hacking Fast Healthcare Interoperability and Resources (FHIR) APIs, working with some of the world’s largest Electronic Health Record (EHR) companies in her vulnerability research. The report of her findings is now available, and it underscores a systemic lack of basic protections in FHIR API implementations, allowing unauthorized access to an inordinate amount of patient records.

This live webinar will share the research methods, findings and recommendations which are captured in the report and will include a panel discussion on the way forward.

What you will learn:

  • How the rapidly evolving US Healthcare ecosystem is presenting new opportunities for hackers
  • The tactics, techniques and procedures used to test apps accessing FHIR APIs
  • The security issues exposed in mobile apps accessing FHIR APIs
  • How secrets exposed in the "last mile" to the mHealth apps can be used to attack APIs
  • The recommended actions to reduce the risks which were identified in the report
Alissa Knight
Alissa Knight
Alissa Knight is a recovering hacker of 20 years, blending hacking with a unique style of written and visual content creation. She is a cybersecurity influencer, content creator, and community manager and partner at Knight Ink . She has authored books on cybersecurity including "Hacking Connected Cars" published by Wiley. Alissa is also the principal analyst in cybersecurity at Alissa Knight & Associates. She is active in the cybersecurity community as both an entrepreneur and as a CISO.
David Stewart
David Stewart
David is co-founder and CEO of Approov.
Skip Hovsmith
Skip Hovsmith
Skip heads the US team, and is based in California. His focus is on helping customers secure API usage between mobile apps and their backend services. He is a frequent speaker at mobile, API and security conferences.

Copyright © 2021 CriticalBlue, Ltd. All Rights Reserved.