Hacking Electronic Health Records

How a dangerous security flaw discovered in one of the most pervasive electronic medical record platforms in the U.S. was found and fixed before it could do damage.

Kelly Jackson Higgins, Executive Editor at Dark Reading

December 5, 2013

1 Min Read

Graduate student Doug Mackey was starting to wonder whether his research on the security of one of the nation's most ubiquitous electronic health records (EHR) software platforms was so interesting after all. A month of poking around for vulnerabilities in the simulated EHR system he had fashioned in a makeshift lab in his apartment hadn't turned up anything out of the ordinary in the code.

But then one day this spring, he spotted something in a second interface he was testing that shocked him: "It was very quickly obvious that it had no real security at all," says Mackey, a student in Georgia Tech's information security program. "I was quite surprised."

Mackey had discovered a major logic flaw in a key component of the code in the so-called VistaA (Veterans Health Information Systems and Technology Architecture) software, a platform originally built by the U.S. Veterans Administration for internal use at its hospitals and clinics, and later handed over to the open-source community to further its development and adoption across the entire health-care industry. It's one of the most widely adopted platforms for EHR in the country by VA and commercial hospitals and clinics, and it has also gained some traction overseas.

Read the rest of this article on Dark Reading.

About the Author(s)

Kelly Jackson Higgins

Kelly Jackson Higgins

Executive Editor at Dark Reading

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary.  Follow her on Twitter @kjhiggins.

See more from Kelly Jackson Higgins
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Bald eagles, eagle in flight.
Cyber Resilience
9 Ways CISOs Can Stay Ahead of Bad Actors9 Ways CISOs Can Stay Ahead of Bad Actors
byLisa Morgan
Jul 24, 2024
9 Slides
Binary code concept pattern and big data structure.Net and source code.Abstract background of technology, science and cloud computer.
Data Management
How Much Data Is Too Much for Organizations to Derive Value?How Much Data Is Too Much for Organizations to Derive Value?
byCarrie Pallardy
Jul 22, 2024
11 Min Read
CrowdStrike Holdings, Inc. logo is displayed on a smartphone screen.
Cyber Resilience
CrowdStrike Aftermath: Lessons Learned for Future RecoveryCrowdStrike Aftermath: Lessons Learned for Future Recovery
byJoao-Pierre S. Ruth
Jul 24, 2024
6 Min Read
Calculator displaying the text "SALARY" on top of $100 bills.
IT Leadership
2024 InformationWeek US IT Salary Report: Profits, Layoffs, and the Continued Rise of AI2024 InformationWeek US IT Salary Report
byInformationWeek Staff
Jun 4, 2024
1 Min Read
Digital Security and Threat of a System
IT Leadership
11 Ways Cybersecurity Threats are Evolving11 Ways Cybersecurity Threats are Evolving
byLisa Morgan
Jun 13, 2024
11 Slides
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports