Skip to Main Content
Contribute Try STAT+ Today

In the last year, cyberattacks on hospitals have surged, putting a spotlight on the need to protect patients’ health data. But hackers don’t need to attack providers directly to get that valuable info. A new cybersecurity report shows it is remarkably easy for bad actors to steal it through third-party apps and data aggregators that tap into providers’ electronic health record systems.

Hacker and cybersecurity analyst Alissa Knight got access to more than 4 million patient and clinician records by exploiting vulnerabilities in data aggregators’ application programming interfaces, along with associated apps that track medications and share patient records — records that include demographics, lab results, medications, procedures, allergies, and more. Collectively, the tested tools can read and write data to the major EHR systems.

Unlock this article by subscribing to STAT+ and enjoy your first 30 days free!

GET STARTED

What is it?

STAT+ is STAT's premium subscription service for in-depth biotech, pharma, policy, and life science coverage and analysis. Our award-winning team covers news on Wall Street, policy developments in Washington, early science breakthroughs and clinical trial results, and health care disruption in Silicon Valley and beyond.

What's included?

  • Daily reporting and analysis
  • The most comprehensive industry coverage from a powerhouse team of reporters
  • Subscriber-only newsletters
  • Daily newsletters to brief you on the most important industry news of the day
  • STAT+ Conversations
  • Weekly opportunities to engage with our reporters and leading industry experts in live video conversations
  • Exclusive industry events
  • Premium access to subscriber-only networking events around the country
  • The best reporters in the industry
  • The most trusted and well-connected newsroom in the health care industry
  • And much more
  • Exclusive interviews with industry leaders, profiles, and premium tools, like our CRISPR Trackr.

Create a display name to comment

This name will appear with your comment