PHOENIX, Sept. 10, 2019 /PRNewswire/ -- Bishop Fox, the largest private cybersecurity professional services firm focused on offensive security testing, has uncovered two vulnerabilities, one of which is high risk, in OpenEMR, which is a widely used medical records management tool. Bishop Fox researchers found the security issues in Version 5.0.1(6) of OpenEMR's open source software, which contains millions of electronic patient records from around the world.
The vulnerabilities were uncovered by Chris Davis, a senior security analyst at Bishop Fox.
"Due to the nature of the application, incredibly sensitive information was available as a result of these vulnerabilities – sensitive medical data, people's names, social security numbers, physical addresses, dates of birth, etc.," said Davis. "Exploitation could lead to a complete server compromise and once the server is compromised, it puts the attacker on the internal network. This changed the attack scope from external to internal, making it especially dangerous."
Davis and Bishop Fox disclosed their findings to OpenEMR and the parties worked together to remediate the issues quickly. Additional technical information on how Bishop Fox found and exploited these vulnerabilities can be found here.
About Bishop Fox
Bishop Fox is the largest private cybersecurity professional services firm focused on offensive security testing. Since 2005, the firm has provided security consulting services to the world's leading organizations – working with over 25% of the top Fortune 100 companies – to help secure their products, applications, networks, and cloud with penetration testing and security assessments. The company is headquartered in Phoenix, AZ and has offices in Atlanta, GA; San Francisco, CA; New York, NY; and Barcelona, Spain.
SOURCE Bishop Fox