OpenEMR EMR Management Vulnerabilities

OpenEMR is a popular, open-source software solution for the management of millions of electronic patient records worldwide.

Over 20 vulnerabilities in the OpenEMR open-source electronic medical record (EMR) management software have been disclosed by a security research group.

Discovered by Project Insecurity, the vulnerabilities include SQL injection flaws, unrestricted file upload bugs, remote code execution and cross-site request forgeries. A remote attacker could exploit these vulnerabilities to access, delete or alter EMR files, upload malicious files or cause a denial-of-service condition.

You can read their full report on the Project Insecurity website.

DataBreaches.net reached out to OpenEMR for comment. Brady G. Miller, CEO of OpenEMR.org, sent the following statement:

The OpenEMR community is very thankful to Project Insecurity for their report, which led to an improvement in OpenEMR’s security. Responsible security vulnerability reporting is an invaluable asset for OpenEMR and all open source projects. The OpenEMR community takes security seriously and considered this vulnerability high priority since one of the reported vulnerabilities did not require authentication. A patch was promptly released and announced to the community. Additionally, all downstream packages and cloud offerings were patched.

Duncan

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
