HIGH
38 Vulnerabilities in OpenEMR Allow Access to and Modification of Patient Data
Security researchers at Aisle discovered 38 vulnerabilities in OpenEMR, an open-source electronic medical records platform widely used by healthcare providers globally. Some of the flaws can be exploited to access and alter sensitive patient information, including medical records and personal health data.
Healthcare organizations running OpenEMR should apply available patches immediately and limit network access so that OpenEMR instances are reachable only from authorized clinical networks. OpenEMR’s deployment base skews toward smaller providers with limited dedicated security capacity, increasing the risk of delayed patching. The volume of vulnerabilities (38) suggests a systemic lack of security hardening in the codebase rather than isolated findings.