Security News > 2020 > October > Critical OpenEMR Vulnerabilities Give Hackers Remote Access to Health Records
Several vulnerabilities found by researchers in the OpenEMR software can be exploited by remote hackers to obtain medical records and compromise healthcare infrastructure.
Researchers at Swiss-based code quality and security solutions provider SonarSource discovered earlier this year that OpenEMR is affected by four types of vulnerabilities that impact servers using the Patient Portal component.
SonarSource researchers determined that if the Patient Portal is enabled and accessible from the internet, an attacker could take complete control of the OpenEMR server by chaining the vulnerabilities they've found.
If the attacker targets a user with lower privileges rather than an administrator, they can exploit the SQL injection vulnerability to gain access to the patient database and steal potentially valuable data.
SonarSource discovered the vulnerabilities in OpenEMR 5.0.2.1 and they were patched with the release of version 5.0.2.2 in August.
News URL
Related news
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- Iranian hackers act as brokers selling critical infrastructure access (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Critical vulnerabilities persist in high-risk sectors (source)