Dive Brief:
- Officials with the Department of Veterans Affairs (VA) have been forced to release a software patch to fix a flaw in the VA's VistA EMR discovered by a technology graduate student.
- The flaw found by the student made it such that some remote messages were not properly checked for security, and that meant unauthenticated or unauthorized users could execute thousands of database operations.
- The VA and the not-for-profit Open Source Electronic Health Record Agent (OSEHRA) have been working since June to create the patch for VistA.
Dive Insight:
This is a case in point as to why open source software has great merit. With the code out there and available for use and study, security problems such as these are often found by members of the vigilant technical community. It's a bit troubling that it took months to get the VA and OSEHRA's patch in place, but at least the problem was found and fixed.