Image copyright
Getty Images

Image caption

The OpenEMR system is used in many countries around the world

Health records of almost 100 million patients worldwide were put at risk by security issues with a popular patient management system, researchers say.

Almost 30 bugs were found in the OpenEMR system, by a cyber-security group called Project Insecurity.

OpenEMR is one of the world’s most widely used patient and practice management systems.

It said it was “thankful” for Project Insecurity’s work and had now patched many of the bugs it had exposed.

Bug hunters

Cyber-security experts from Project Insecurity found various problems in its investigation of OpenEMR.

Many of the bugs were labelled as “critical” and, if exploited, would have given attackers wide access to medical records.

Some would have allowed attackers with limited credentials access to sensitive data.

OpenEMR is used by many surgeries, hospitals and other health organisations to manage information and treatment for patients.

It can also be used to manage scheduling and billing as well as practice administration.

Image copyright
Getty Images

Image caption

Some of the bugs could have given hackers broad access to medical records

In the US, it is used to document sensitive medical information for more than 30 million people.

Globally, the records of about 100 million people are believed to be held on OpenEMR.

Project Insecurity told OpenEMR about its findings in July and gave the organisation until 7 August to fix them.

Brady Miller, OpenEMR project administrator, said it had tackled the bugs in several stages following the disclosure by the cyber-security team.

Mr Miller said the “responsible disclosure” had helped it fix the vulnerabilities.

“The OpenEMR community takes security seriously and considered this vulnerability report high priority since one of the reported vulnerabilities did not require authentication,” he said.

Patches for the bugs have been released and shared with the many OpenEMR users. They have also been added to packages offered by partners and cloud companies.



Source link

Content Disclaimer 

This Content is Generated from RSS Feeds, if your content is featured and you would like to be removed, please Contact Us With your website address and name of site you wish to be removed from.

Note:

You can control what content is distributed in your RSS Feed by using your Website Editor.   If you are looking to make money from running your own business at home, visit the links below.

Tech Shop Offers


Music & Hifi Offers


Shop Categories