August 10, 2018 Source: HealthcareIT News
Researchers from Project Insecurity found that millions of patient records were left exposed to attack by potential hackers. They discovered 18 grave vulnerabilities before OpenEMR tackled the issues.
Consequently, Project Insecurity held its report until OpenEMR could address the problem areas.
The researchers furnished a list of all portal directory pages that would be revealed to a hacker, including patient profiles.
The researchers also found numerous SQL injection flaws, which can be used to view data from a specific database or to carry out other tasks such as performing database functions. There were also several security flaws that could have allowed remote code execution and others that could have disclosed data.
OpenEMR's management system was also open to access by hackers through unrestricted file upload flaws, unvalidated information disclosures and unauthenticated administrative actions.
Finding the vulnerabilities required no automated scanning or source code analysis software. The researchers discovered them simply by manually reviewing the source code and modifying requests. A hacker exploiting them could access patient records and sensitive system data, compromise databases, elevate privileges or upload files.
A test lab was set up to examine the platform, as OpenEMR had been warned of system flaws by Risk Based Security in November 2017. The report revealed a configuration vulnerability that could lead to total compromise of a system.
Platform vulnerabilities and botched patches are offering hackers a simpler way into private data. Patch management and supervision are critical to catching these errors.
By Ddu