Electronic Medical Records Cracked Open by OpenClinic Bugs
2020-12-01 16:57

Four vulnerabilities have been discovered in the OpenClinic application for sharing electronic medical records.

Authenticated healthcare users of the application can upload medical test documents for patients, which are then stored in the '/tests/' directory.

"Anyone with the full path to a valid medical test file could access this information, which could lead to loss of PHI for any medical records stored in the application," according to Bishop Fox, writing in a Tuesday posting.

"Administrative users with the ability to enter medical tests for patients were able to upload files to the application using the '/openclinic/medical/test new.php' endpoint," according to Bishop Fox.

"There is no version of OpenClinic available that does not suffer from the identified vulnerabilities, and the recommendation is to switch to a different medical records management software," researchers said.


News URL

https://threatpost.com/electronic-medical-records-openclinic-bugs/161722/