Playing With FHIR
Hacking and Securing FHIR APIs

Alissa Knight has spent the last year focusing on hacking Fast Healthcare Interoperability Resources (FHIR) APIs, working with some of the world’s largest Electronic Health Record (EHR) companies in her vulnerability research. This report presents her findings, which underscore a systemic lack of basic protections in FHIR API implementations, resulting in unauthorized access to an innumerable number of patient records.
Summary
Alissa Knight
Oct 13, 2021