ONC Wants Help Exploring FHIR-based Servers and Their Vulnerabilities
The Office of the National Coordinator for Health IT is capitalizing on National Cybersecurity Awareness Month to explore how to build secure, interoperable servers for sharing electronic health information, and it wants some help from the public. ONC officials have launched the Secure API Server Showdown Challenge, which calls on industry stakeholders to build Fast Healthcare Interoperability Resources, or FHIR, servers that are deemed secure under current industry standards and then see if they can be hacked.
The challenge offers developers a total of $50,000 in prizes and will be split over two stages. In the Server Build Stage, teams will build servers operating on FHIR—the draft standard information format and an application programming interface for sharing electronic health records—using industry best practices, technical standards and open source code.
Three teams will advance to the following Vulnerability Discovery Stage based on the technical judging criteria of their server builds. The second stage will consist of two tracks: one where the teams operate their servers and another with team-based hacking to find “‘in-scope’ security vulnerabilities” within the servers. The Server Track teams will then review the security vulnerabilities and be eligible for a $10,000 prize if they operate their servers through the conclusion of the second stage...
- Tags:
- Application Programming Interfaces (APIs)
- Best Practices
- Carten Cordell
- data security
- draft standard information format
- EHR sharing
- electronic health information sharing
- electronic health records (EHRs)
- Fast Healthcare Interoperability Resources (FHIR)
- interoperability
- National Cybersecurity Awareness Month
- Office of the National Coordinator for Health IT (ONC)
- ONC’s Office of Standards and Technology
- open source code
- Secure API Server Showdown Challenge
- Server Build Stage
- Steven Posnack
- team-based hacking
- technical standards
- Vulnerability Discovery Stage