How Secure Is Your Health Information? Electronic Medical Record Vulnerability Discovery

Electronic Medical Record (EMR) System vulnerabilities provide an easy target for hackers to steal valuable personal data. With an average cost to a healthcare provider of $9.23 million per hacking incident (Ponemon Institute, 2021), EMR vendors need to work with security researchers to review, discover, and patch these vulnerabilities before attackers exploit them. While the security community has made some efforts to disclose vulnerabilities, these efforts are often sporadic and rely on niche feature sets to be enabled. Security researchers’ limited time and resources need to be focused on the most used and most likely to be exploited targets in these EMR applications.

This whitepaper utilizes vulnerability exploitation in a popular open-source EMR application to provide specific areas for researchers to focus efforts on securing the applications that protect this valuable data.