athenahealth has issued a software update to its Epocrates app after learning a software bug threatened the protection of usernames and passwords.
Researchers from Boston-based Northeastern University found the bug and notified the cloud-based EHR vendor, according to The Boston Globe. The bug allowed log in credentials to be viewed by others if a user logged into the app on a public Wi-Fi network.
The researchers told Epocrates of the bug Nov. 16, and the vendor released an updated version of the app Nov. 21.
"It was information that ideally shouldn't have been there, and when we found out about it we made sure that vulnerability was eliminated," Tim O'Brien, athenahealth's chief marketing officer and a leader of the Epocrates team, told The Boston Globe.
Mr. O'Brien added that even if a hacker had accessed a user's account, no personal information would be accessible, as the app does not store patient data or any personal data of the clinician using the app.
Epocrates' notice to users to update the app says there is no indication any log in credentials were compromised, but the vendor asked users to reset their passwords as an added security measure.
More articles on health IT:
40 hospitals with innovation centers
The 3 things Google's Larry Page and Epic's Judy Faulkner have in common
Accenture report: Investment in 'Ubers of healthcare' to hit $1B by year's end