Threat Intelligence Report Fusion Center Report: OpenEMR - Multiple Security Flaws Could Put Medical Records at Risk (English)

Researchers at Project Insecurity identified more than 30 bugs in OpenEMR, the world’s most popular open source software for managing medical records.

Report from EclecticIQ Fusion Center from Thursday 08 August 2018.

Key Findings:

Many of the vulnerabilities were classified as severe, leaving the personal information of almost 100 million patients potentially exposed to adversaries.

A majority of the vulnerabilities are related to the following: Cross Site Scripting (XSS) vulnerabilities, SQL injection, and remote code execution.

EclecticIQ analysts identified a small public listing, by country, of known current deployments of OpenEMR solutions in production and research environments.

Shodan results identified approximately 300 OpenEMR results, a large number in the U.S., with Germany and Singapore following.

Download Resource

Download report and STIX entitiesSee other resources