OpenEMR

OpenEMR, widely adopted by over 100,000 medical providers to manage records of more than 200 million patients, identified three critical vulnerabilities within an older version of its software. Spotted by Sonar, these vulnerabilities - Unauthenticated File Read, Authenticated Local File Inclusion, and Authenticated Reflected XSS - possess the potential for enabling ransomware and data breach attacks, posing serious threats. The risks apply to data integrity and accessibility of patient information. Although patches were released in the updated OpenEMR version 7.0.0, those using outdated versions remain exposed to the exploitable weaknesses, which if leveraged by cybercriminals, could lead to substantial data compromises. An immediate update to the software is urged to safeguard patient data and thwart potential cybersecurity incidents.

Source: https://www.hcinnovationgroup.com/cybersecurity/data-breaches/news/21294503/hc3-sector-alert-on-older-versions-of-openemr

"id": "ope452070624",
"linkid": "openemr",
"type": "Vulnerability",
"date": "2/2023",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"