OSEHRA, VA Reveal Open Source EHR Security Patching Benefits

Patrick Ouellette | Health IT Security | November 15, 2013

The U.S. Department of Veterans Affairs (VA) and the open source IT community have paired up to prove the benefits of fixing technical security flaws within an open source system. According to the Open Source Electronic Health Record Agent (OSEHRA) corporation, Georgia Tech graduate student Doug Mackey evaluated the Veterans Health Information Systems and Technology Architecture (VistA) EHR for a term project on computer security and found a substantial security vulnerability.

Mackey broke down VistA’s code base as part of his project and found a large gap in an obscure communications broker program. According to OSEHRA, a message with some creative formatting could be sent that would allow an unauthorized user to execute a number of remote commands. OSEHRA, a non-profit corporation that focuses on open source EHR collaboration, led the collaborative effort to fix the issue.