Security News > 2020 > October > Critical OpenEMR Vulnerabilities Give Hackers Remote Access to Health Records
Several vulnerabilities found by researchers in the OpenEMR software can be exploited by remote hackers to obtain medical records and compromise healthcare infrastructure.
Researchers at Swiss-based code quality and security solutions provider SonarSource discovered earlier this year that OpenEMR is affected by four types of vulnerabilities that impact servers using the Patient Portal component.
SonarSource researchers determined that if the Patient Portal is enabled and accessible from the internet, an attacker could take complete control of the OpenEMR server by chaining the vulnerabilities they've found.
If the attacker targets a user with lower privileges rather than an administrator, they can exploit the SQL injection vulnerability to gain access to the patient database and steal potentially valuable data.
SonarSource discovered the vulnerabilities in OpenEMR 5.0.2.1 and they were patched with the release of version 5.0.2.2 in August.
News URL
Related news
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- SAP fixes critical vulnerabilities in NetWeaver application servers (source)
- Critical vulnerabilities remain unresolved due to prioritization gaps (source)
- Critical SimpleHelp vulnerabilities fixed, update your server instances! (source)
- Hackers exploit critical unpatched flaw in Zyxel CPE devices (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (source)
- Kimsuky hackers use new custom RDP Wrapper for remote access (source)