Health IT standards-setting body HL7 International has taken the unusual step of issuing a clarifying statement about the release earlier this month of a report by a cybersecurity expert into vulnerabilities she exposed in third-party implementations of application programming interfaces (API) using the Fast Healthcare Interoperability Resources (FHIR) standard.

Las Vegas-based expert Alissa Knight of Knight Ink published a report this month called “Playing with FHIR: Hacking and Securing FHIR APIs", which detailed a year-long exploration of vulnerabilities in a number of implementation of apps using FHIR APIs.