Security News > 2023 > January > Critical OpenEMR vulnerabilities may allow attackers to access patients’ health records
Critical vulnerabilities discovered in OpenEMR can be chained to gain code execution on a server running a vulnerable version of the popular open-source electronic health record system.
Discovered, privately reported and now publicly documented by researcher Dennis Brinkrolf, the vulnerabilities have been promptly patched by the OpenEMR maintainers at the end of November 2022.
About OpenEMR. OpenEMR is an electronic health record system and medical practice management solution that "Is used by more than 100,000 medical providers serving more than 200 million patients" around the globe.
The open-source OpenEMR project is supported by the nonprofit OpenEMR Foundation, and is maintained by hundreds of volunteers and professionals.
The OpenEMR Foundation's guiding vision is "A world where every health care provider has access to high-quality health care information technology."
The good news is that the OpenEMR maintainers have fixed these vulnerabilities in less then a week, and have pushed out a patch/new version of the software.
News URL
https://www.helpnetsecurity.com/2023/01/30/critical-openemr-vulnerabilities/
Related news
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Critical vulnerabilities persist in high-risk sectors (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)