Given the recent wave of medical data breaches, the security threats to medical and health records are easy to see. Criminal hackers keep looking for vulnerabilities and bugs through which they can get past the security measures protecting these databases. What if they get a number of such “doorways” to the data? Recently, researchers found a number of critical security vulnerabilities in the medical data software OpenEMR. These flaws made around 90 million medical records vulnerable to hacking.
Researchers Found Various Critical Flaws In OpenEMR
Yesterday, Project Insecurity published a detailed vulnerability report about the OpenEMR v22.214.171.124. The report pointed to a number of security flaws that made the software vulnerable to cyber attacks. Allegedly, these bugs put around 90 million medical records at risk of hacking.
As stated in their report,
“Some examples of vulnerabilities include a portal authentication bypass, multiple instances of SQL injection, multiple instances of remote code execution, unauthenticated information disclosure, unrestricted file upload, CSRFs including a CSRF to RCE proof of concept, and unauthenticated administrative actions.”
In all, they discovered 20 different vulnerabilities in the software, 18 of which had a ‘high’ severity level. After discovering the vulnerabilities, the researchers informed the vendor about the flaws on July 7, 2018. Both parties then agreed upon a one-month public disclosure period, during which the vendor fixed the bugs. After that, on August 7, 2018, the researchers published their findings as a detailed report.
This Isn’t The First Time
OpenEMR is open source software for handling medical data at various health facilities. It is used extensively for record maintenance, scheduling, and billing. Owing to its extensive usage, several researchers have examined the tool and highlighted various security vulnerabilities. Last year, Risk Based Security, in their blog, revealed several flaws in OpenEMR that made the medical records vulnerable to breaches.