An AI tool from cybersecurity firm Aisle found 38 previously unknown vulnerabilities in OpenEMR, an open-source electronic health record platform used by over 100,000 healthcare providers globally. Discovered in just three months, the flaws ranged from medium to critical severity and included SQL injection, cross-site scripting, and authorization bypass issues. The worst could have exposed patient health data and handed attackers full server control. All 38 are now patched in versions released in February and March 2025. For comparison, a manual audit in 2018 took far longer and found only 23 flaws. OpenEMR has since built Aisle's tool into its code review process.
Source: Dark Reading