Almost 100 million patients healthcare records worldwide were put at risk over 30 bugs being found in OpenEMR systems.
OpenEMR is one of the world’s most widely used patient and practice management systems and is accessed by a range of surgeries, hospitals and other health organisations around the globe to manage treatment documentation for patients.
The US alone use the system to access and record sensitive medical information of more than 30 million people.
Experts from the cybersecurity firm Project Insecurity warned OpenEMR employees that they found “critical bugs” in its system which could give hackers wide access to medical records if exploited.
“Recurrent researches of popular open source software conducted by High-Tech Bridge suggest that many more bugs likely remain undetected. Nonetheless, the remediated vulnerabilities definitely bring OpenERM to a better overall security level and probably even cover 0 days exploited in the wild by cybercriminals,” comments web security company High-Tech Bridge‘s CEO, Ilia Kolochenko.
“Now, however, the main risk for the patients and their data will be medical institutions who may unreasonably delay patching or even won’t patch at all. Attackers will certainly start exploiting the vulnerabilities found very soon, as health records can be traded at a very attractive price on the black market.”
Most of the bugs exposed have now been patched and shared with many OpenEMR users.
Written by Leah Alger