Major Bug Hits OpenEMR
A group of security researchers from Project Insecurity this week reported finding over 20 security flaws in OpenEMR, a popular open source electronic medical record and medical practice management software. Those flaws, if exploited, could have led to the exposure of the personal information of around 90 million or more patients worldwide. The vulnerabilities included a portal authentication bypass, multiple instances of SQL injection and remote code execution, unauthenticated information disclosure, unrestricted file upload, and more.
Fortunately for the patients, the flaws were actually found a month earlier and reported to the OpenEMR developers under NDA in order to provide time to fix them.