Five things to know about the older version of OpenEMR and its vulnerabilities, according to the HHS:
- OpenEMR is used by approximately 100,000 medical providers serving more than 200 million patients.
- An older version of OpenEMR was found to have three vulnerabilities — unauthenticated file read, authenticated local file inclusion and authenticated reflected XSS.
- If the EHR system is not updated, these vulnerabilities could lead to hackers gaining access to the system and stealing sensitive information, according to the HHS.
- The vulnerabilities were highlighted in software development solution company Sonar’s report and was addressed to OpenEMR on Oct. 24.
- On Nov. 30, OpenEMR released a patched version of the system.
