HomeNewsA bug has been found on a philips database used for storing...

A bug has been found on a philips database used for storing sensitive information

-

Last Updated on 22/11/2021 by Nidhi Khandelwal

Image courtesy; TechRepublic

The Philips Tasy EMR, a medical record solution and healthcare management system used by hundreds of institutions, is vulnerable to two serious SQL injection issues.

The flaws are identified as CVE-2021-39375 and CVE-2021-39376, and both have a CVSS v3 severity score of 8.8.

These are two-parameter SQL injection issues that rely on the incorrect escaping of special characters in SQL instructions.

A bug has been found on a philips database used for storing sensitive information 1
Image courtesy; CyberArts

Tasy EMR HTML5 3.06.1803 and earlier versions of the product are affected, so all companies utilising the healthcare suite should upgrade to version 3.06.1804 or later.

CISA has also issued an advisory for the product, which is widely used in both public and private health institutions throughout Latin America, primarily in Argentina, Brazil, Colombia, Mexico, and the Dominican Republic.

Healthcare data breachesMedical records, patient care histories, medical supply details, financial and billing information, and general hospital management data are all stored in the Tasy EMR system.

Because it is a central location for storing sensitive data, its compromise would expose a significant number of people.

This is especially troublesome since hospitals are frequently required to care for emergency patients without first obtaining consent to process their data.

The obligation for data security is frequently placed on public bodies that are working with limited resources and in tough circumstances, such as those imposed by a persistent pandemic.

These are the reasons why ransomware gangs have recently targeted the healthcare sector, and why simply stealing files would be enough to start the extortion process.

Mitigations to be enforced:

Hospitals that use the Tasy EMR should upgrade to the latest available service pack, and Philips offers support on how to do that through its regional customer service teams.#Furthermore, healthcare companies should take steps to reduce such systems’ network exposure, separate them from external networks, and build firewalls.

A bug has been found on a philips database used for storing sensitive information 2
Image courtesy; Healthcare IT News

Doctors should always use VPN (Virtual Private Network) software to connect to these sensitive databases when they need remote access.

Nidhi Khandelwal
Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.
- Advertisment -[the_ad id="13487"]

Must Read