Student discovery leads to security patch for VistA

A discovery by a graduate student of a security gap in VistA's open source electronic health record software has enabled organizations to work together to create a patch for it, according to an article in EHRintellingence.com.

Georgia Institute of Technology student Doug Mackey, who was reviewing the code in an open source version of VistA for a school project, found a gap that appeared could allow a sender of messages to exercise remote commands without authentication, according to the article. VistA contacted the Open Source Electronic Health Records Agent (OSEHRA), which hosts software repositories for VistA and other applications, to put together a collaborative effort to create and test a patch to correct the security gap.

The patch has now been distributed to Veterans Affairs and Indian Health Services sites.

"We're very proud of both the process and the outcome here," Seong Ki Mun, CEO of OSEHRA, said in a statement. "A single interested individual found a vulnerability that impacted the entire community. Every VistA user can use the resulting patch to improve security for their patients.

"The level of cooperation among agencies, companies, and individuals was unprecedented, and demonstrates the real power of the open source community."

Advocates of open source EHR systems such as VistA claim that they are better than closed proprietary systems in terms of development, innovation and continuous quality improvement. The U.K. announced earlier this year that it is considering adoption of an open source EHR such as VistA.

To learn more:
- read the EHRIntelligence.com article
- here's the OSEHRA announcement

Suggested Articles

Roche, which already owned a 12.6% stake in Flatiron Health, has agreed to buy the health IT company for $1.9 billion.

Allscripts managed to acquire two EHR platforms for just $50 million by selling off a portion of McKesson's portfolio for as much as $235 million.

Artificial intelligence could help physicians predict a patient's risk of developing a deadly infection.