Security News > 2020 > October > Critical OpenEMR Vulnerabilities Give Hackers Remote Access to Health Records

Several vulnerabilities found by researchers in the OpenEMR software can be exploited by remote hackers to obtain medical records and compromise healthcare infrastructure.
Researchers at Swiss-based code quality and security solutions provider SonarSource discovered earlier this year that OpenEMR is affected by four types of vulnerabilities that impact servers using the Patient Portal component.
SonarSource researchers determined that if the Patient Portal is enabled and accessible from the internet, an attacker could take complete control of the OpenEMR server by chaining the vulnerabilities they've found.
If the attacker targets a user with lower privileges rather than an administrator, they can exploit the SQL injection vulnerability to gain access to the patient database and steal potentially valuable data.
SonarSource discovered the vulnerabilities in OpenEMR 5.0.2.1 and they were patched with the release of version 5.0.2.2 in August.
News URL
Related news
- Kimsuky hackers use new custom RDP Wrapper for remote access (source)
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems (source)
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- GitLab patches critical authentication bypass vulnerabilities (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Critical flaw in Next.js lets hackers bypass authorization (source)
- OpenAI now pays researchers $100,000 for critical vulnerabilities (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)