OSEHRA, VA Reveal Open Source EHR Security Patching Benefits
The U.S. Department of Veterans Affairs (VA) and the open source IT community have paired up to prove the benefits of fixing technical security flaws within an open source system. According to the Open Source Electronic Health Record Agent (OSEHRA) corporation, Georgia Tech graduate student Doug Mackey evaluated the Veterans Health Information Systems and Technology Architecture (VistA) EHR for a term project on computer security and found a substantial security vulnerability.
Mackey broke down VistA’s code base as part of his project and found a large gap in an obscure communications broker program. According to OSEHRA, with some creative formatting, a message could be sent that allowed an unauthorized user to execute a number of remote commands. OSEHRA, a non-profit corporation that focuses on open source EHR collaboration, led the collaborative effort to fix the issue.
- Tags:
- Department of Veterans Affairs (VA)
- Doug Mackey
- electronic health records (EHRs)
- Indian Health Service (IHS)
- Information Technology (IT)
- open source
- Open Source Electronic Health Record Agent (OSEHRA)
- security
- Seong Ki Mun
- Veterans Health Information Systems & Technology Architecture (VistA)
- VISTA Expertise Network (VEN)
- Login to post comments