Security News > 2020 > October > Critical OpenEMR Vulnerabilities Give Hackers Remote Access to Health Records

Several vulnerabilities found by researchers in the OpenEMR software can be exploited by remote hackers to obtain medical records and compromise healthcare infrastructure.
Researchers at Swiss-based code quality and security solutions provider SonarSource discovered earlier this year that OpenEMR is affected by four types of vulnerabilities that impact servers using the Patient Portal component.
SonarSource researchers determined that if the Patient Portal is enabled and accessible from the internet, an attacker could take complete control of the OpenEMR server by chaining the vulnerabilities they've found.
If the attacker targets a user with lower privileges rather than an administrator, they can exploit the SQL injection vulnerability to gain access to the patient database and steal potentially valuable data.
SonarSource discovered the vulnerabilities in OpenEMR 5.0.2.1 and they were patched with the release of version 5.0.2.2 in August.
News URL
Related news
- US charges Chinese hackers linked to critical infrastructure breaches (source)
- GitLab patches critical authentication bypass vulnerabilities (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Critical flaw in Next.js lets hackers bypass authorization (source)
- OpenAI now pays researchers $100,000 for critical vulnerabilities (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered (source)
- Critical FortiSwitch flaw lets hackers change admin passwords remotely (source)
- Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices (source)
- Most critical vulnerabilities aren’t worth your attention (source)