APIs are a key underlying technology for modern healthcare systems. Protecting healthcare APIs is especially important because they carry personal health information.
The American Hospital Association (AHA) recommended that those engaging in mobile healthcare be aware of API attacks and develop a system that takes API security into serious consideration.
When the website qa.findadoctor.com was hacked through an insecure API, information on about 1.4 million doctors in the US was scraped. That information could potentially be used in phishing attacks on unsuspecting patients.
The Problem
- Healthcare APIs are a prime target for hacking.
- Healthcare APIs carry sensitive personal health information. Failing to protect them can result in significant regulatory compliance violations.
- Healthcare APIs might also carry financial information, which is attractive to hackers.
Syber.ai’s system continuously monitors healthcare APIs in production and detects hacks, data leaks, and API abuse. It deploys quickly in either on-premise or cloud configurations, requires no agents, and does not introduce any delay or reliability issues in deployed APIs.
Our Solution
- Continuous monitoring of production APIs.
- Deep analysis of the content of API transactions, not just their metadata, to detect anomalies related to hacks, personal information data leaks and API abuse.
- Healthcare-specific protection that can enforce HIPAA, FHIR and other healthcare privacy regulations.
- Valuable insights, near real-time, for security teams, developers and business owners.
Additionally, Syber.ai automatically builds a catalog of detected APIs and continuously checks their compliance relative to the developer definitions. When a violation is detected, a deep-dive analysis is available to determine the root cause and remediate the issue.
Existing cybersecurity devices – such as API gateways and Web Application Firewalls – can enforce API access policies but can’t detect privacy issues, data leaks, advanced hacking techniques or subtle deviations from normative behavior. That’s why Gartner is recommending that vendors look into API-specific solutions beyond the rudimentary API protection offered by existing devices.
With hundreds of health APIs available and in increasing use, are your healthcare APIs protected?