Your data in safe hands: how we put FHIR Station to the security test

At Amaron, we know that when it comes to the security of medical data, “good enough” is never enough. That is why, in early 2026, we invited external security experts from Orange Cyberdefense to perform a penetration test on our FHIR Station.

What is a penetration test?

A penetration test (or pentest) is an authorized, simulated cyberattack on an IT system, network, or application. The goal is to identify security vulnerabilities just as a malicious hacker would, but in a controlled manner.

We gave the experts from Orange Cyberdefense the tools and permissions to attack our systems from the inside and outside to see if they could find any weak spots before a real hacker does.

What did we test?

  • The Foundation (the server): 
    We recently upgraded our systems to a newer, more robust foundation (Debian 13). The experts performed a “White Box” test, meaning they had full access to look under the hood to ensure the server was “hardened” and resistant to leaks.
  • The Application (FHIR Station): 
    We tested how FHIR Station handles data requests. We wanted to be 100% sure that a user logged into Account A could never see data belonging to Account B, even if they tried to trick the system. We tested for impersonation, data corruption, and even attempts to crash the system.

Robust security confirmed

The outcome was really positive. No critical issues were found, nor any significant vulnerabilities that could easily be exploited. The experts found only a handful of “medium” and “low” issues, mostly technical settings that we are currently addressing.

The testers specifically highlighted 7 positive findings where our security measures worked exactly as intended, even under pressure.

Why this matters for you

By using an independent, world-class firm like Orange Cyberdefense to audit FHIR Station, we help you meet regulations such as the GDPR and NIS2. It’s our way of helping to ensure that while your data is moving seamlessly between doctors and hospitals, it stays invisible to everyone else.

Any questions?

Do not hesitate to get in touch.