Posted 03/23/2015 at 8:18 AM
Posted 2 years ago
Two security flaws found within SAP’s Electronic Medical Records (EMR) Unwired app have been corrected.
The issues were found to possibly allow the uploads of fake patient records, this, according to Alexander Polyakov, CTO of ERPScan, in a report found here.
An SQL injection was discovered to let other apps gain access to the EMR Unwired database.
Polyakov said in a phone interview “For example, you can upload malware to the phone, and this malware will be able to get access to this embedded database of this health care application…You can send fake information about the medical records, so you can imagine what can be done after that…You can say, ‘This patient is not ill’.”
The issues were fixed around a month ago.