Four security vulnerabilities in an open-source medical records management platform allow remote code execution, patient data theft and more. Four vulnerabilities have been discovered in the OpenClinic application for sharing electronic medical records. The most concerning of them would allow a remote, unauthenticated attacker to read patients personal health information (PHI) from the application. The flaws remain unpatched, researchers at Bishop Fox said. The project did not immediately return Threatpost s request for comment.
Source: https://threatpost.com/electronic-medical-records-openclinic-bugs/161722/