News Stay informed about the latest enterprise technology news and product updates.

VA turns to open source EHR in wake of student-found vulnerability

A term project by a Georgia Tech graduate student lead to the discovery of a security vulnerability in  the U.S. Department of Veterans Affairs (VA) EHR system. As a result, the VA collaborated with the open source EHR community to improve the security of their vulnerable Veterans Health Information Systems and Technology Architecture (Vista) EHR system. To do so, the VA teamed with Open Source Electronic Health Record Agent (OSEHRA) to create a patch for users.

The goal of the student, John Mackey, was to show the vulnerability of large critical infrastructures. He chose to experiment with Vista because of its increasing use in private facilities, as well as VA hospitals. The flaw Mackey discovered was that certain formatting could allow the sender to perform a number of remote commands without authentication, according to OSEHRA.

“A single interested individual found a vulnerability that impacted the entire community. Every VistA user can use the resulting patch to improve security for their patients,” said Seong Ki Mun, CEO of OSEHRA, in a release announcing the collaboration.

The deployment of open source EHRs has gained traction in other corners of the healthcare field. A study conducted by the National Opinion Research Center at the University of Chicago showed that five out of six participating sites “found a number of advantages in the use of their open source EHR system.” Three of the sites used a version of Vista. The sites that were satisfied with their open source EHR system believed so because it supported patient care and streamlined workflows within their facility.

Intermountain Healthcare has pledged $25 million to an open source telemedicine software project; the results of which will ultimately be turned over to the U.S. healthcare system and telemedicine vendors. Their goal in establishing this project is to increase access to better care for patients and to educate clinicians on how and when to use telemedicine technology.