Settlements Agreed to Resolve Two Class Action Healthcare Data Breach Lawsuits
Settlements have received preliminary approval from the courts to resolve class action data breach lawsuits against Dove Healthcare Management Services and Blackstone Valley Community Health Care over the exposure of plaintiffs’ private information in 2023 and 2024 hacking incidents.
Dove Healthcare Management Services Data Breach Settlement
Dove Healthcare Management Services, a provider of nursing and rehabilitation care, assisted living, and palliative care services, has agreed to a settlement to resolve litigation over a July 2024 cyberattack that exposed the private information of patients and employees.
Cybercriminals breached its information systems on or around July 6, 2024, exposing names, dates of birth, Social Security numbers, driver’s license numbers, full face photographs, health information, and health insurance information. The affected individuals began receiving notifications about the incident on March 18, 2025. The first class action lawsuit was filed on March 26, 2025, followed by several similar lawsuits. The complaints were consolidated into a single action in the Circuit Court of Eau Claire County, Wisconsin.
The consolidated lawsuit – Miranda Meredith, et al. v. Dove Healthcare Management Services, LLC – alleged that the defendant was to blame for the intrusion and data exposure and could have prevented it if industry-standard cybersecurity measures had been implemented. The defendant denies all claims in the lawsuit, including claims of wrongdoing, fault, and liability. After several months, all parties agreed on the material terms of a settlement to bring the litigation to an end, with no admission of wrongdoing or liability by the defendant. The settlement has now been finalized and has received preliminary approval from the court.
Settlement Benefits:
Two years of complimentary credit monitoring and identity theft protection services, plus one of the following cash payments:
- Reimbursement of documented, unreimbursed losses up to a maximum of $3,000 per class member, which may include up to three hours of lost time at $20 per hour, or
- A pro rata alternative cash payment, estimated to be approximately $50
The cash benefits are subject to a $150,000 cap. The alternative cash payments will be paid from the remainder of the $150,000 fund after claims have been paid, and are subject to a pro rata decrease, depending on the number of claims received.
In addition to those benefits, the defendant has agreed to make cybersecurity enhancements, the cost of which will be paid by the defendant in addition to the settlement costs. The objection and exclusion deadline is June 22, 2026. The deadline for submitting a claim is July 7, 2026, and the final fairness hearing has been scheduled for July 20, 2026.
Blackstone Valley Community Health Care Data Breach Settlement
Blackstone Valley Community Health Care, a federally funded community health center in Rhode Island, has settled a class action lawsuit filed by plaintiff Alba Peralta Perez, who was affected by a 2023 data incident. The defendant identified suspicious activity within its network on November 11, 2023, and confirmed that an unauthorized third party had access to patients’ names and Social Security numbers.
The lawsuit – Perez v. Blackstone Valley Community Health Care, Inc. – was filed in the District Court for the District of Rhode Island. After being briefed on the defendant’s motion to dismiss, the federal action was voluntarily dismissed by the plaintiff without prejudice due to questions over the federal court’s jurisdiction. The action was subsequently refiled in the Superior Court of Providence County, Rhode Island. All parties agreed to settle the lawsuit to avoid the costs and risks associated with a trial, with no admission of wrongdoing or liability by the defendant.
Settlement Benefits:
Class members are entitled to enroll in three years of credit monitoring services and may also claim one of the following two cash benefits, the cap for which is set at $525,000. Should that cap be exceeded, claims will be paid pro rata.
- Reimbursement for documented ordinary expenses
- Reimbursement for documented extraordinary expenses (losses from identity theft or fraud).
- Reimbursement for lost time – Up to four hours at $20 per hour
The objection, exclusion, and claims deadline is June 1, 2026. The final fairness hearing has been scheduled for June 23, 2026.
The post Settlements Agreed to Resolve Two Class Action Healthcare Data Breach Lawsuits appeared first on The HIPAA Journal.
AI Analysis Identifies 38 Flaws in OpenEMR Platform
An automated, AI-driven analysis of the most widely used electronic medical records platform uncovered 38 previously unknown vulnerabilities, including two critical flaws with maximum CVSS severity scores of 10.0. The vulnerabilities were identified as part of a collaboration between AISLE, an autonomous, AI-native application security platform, and OpenEMR, an open source and U.S. government-certified platform, the purpose of which was to identify and remediate critical vulnerabilities in the platform before they could be exploited by malicious actors.
OpenEMR is used by more than 100,000 healthcare providers worldwide, and the platform serves more than 200 million patients globally. OpenEMR is free open source software with no licensing fees and relatively low operating costs, making it a popular choice for under-resourced healthcare providers. The platform is widely used in the United States.
The analysis by AISLE resulted in 39 GitHub Security Advisory (GHSA) vulnerabilities in Q1, 2026, including critical, high, and moderate severity vulnerabilities, with 38 of the 39 vulnerabilities receiving CVE designations. The two most serious vulnerabilities could potentially have been exploited to access and rewrite patient and provider data, compromise the full database, and achieve remote code execution on the server, allowing ePHI to be exfiltrated at scale. One of the maximum severity flaws could be exploited by a remote attacker with no authentication on any Internet-reachable OpenEMR instance.
The vulnerabilities identified by AISLE accounted for more than half of all OpenEMR Security vulnerabilities published on GitHub in Q1, 2026. “These disclosures reflect the growing threats that healthcare institutions face in the age of AI,” said Stanislav Fort, co-founder and chief scientist at AISLE. “Because human lives and identities are at stake, few issues are as critical as ensuring that medical codebases are secure. AISLE’s collaboration with OpenEMR shows that AI-driven analysis can help dedicated, lean teams defend vital systems and remain compliant.”
Threat actors are increasingly using AI to analyze code and identify exploitable vulnerabilities, so it is vital for defenders to also use AI to accelerate the discovery and remediation of vulnerabilities. Through the partnership with AISLE, the OpenEMR maintainers were able to fix the vulnerabilities before they could be exploited and have now begun a partnership with AISLE to secure OpenEMR for years to come.
AISLE generated a repository-native fix proposal, using OpenEMR’s own abstractions, authorization patterns, and sanitization helpers, for each of the 38 CVEs. AISLE produced the fix for one of the critical vulnerabilities, and for the other critical flaws, OpenEMR maintainers adopted AISLE’s proposed remediation into the final fix. The OpenEMR maintainers now have access to AISLE’s AI-native AppSec platform, which allows them to automatically detect, triage, and fix software vulnerabilities. OpenEMR can now focus on hardening defenses without having to employ additional team members. In addition to using the platform to identify vulnerabilities in production code, OpenEMR is using the AISLE vulnerability analyzer to analyze code and identify security issues before they reach production.
Healthcare Organizations Struggling to Implement Primary Method of Blocking Lateral Movement
A study of security leaders from the healthcare and manufacturing industries found that while there is an almost universal desire to deploy modern microsegmentation, more than 90% of respondents said they had protected fewer than 80% of critical systems, despite almost half admitting to falling victim to lateral movement attacks in the past year. In healthcare, fewer than 6% of respondents said that their organization had implemented microsegmentation across 80% or more of their critical systems.
Microsegmentation is a cybersecurity technique that divides networks into small, distinct, and isolated zones to secure workloads, applications, or devices. Traditional network segmentation, such as Virtual Local Area Networks (VLANs), creates broad segmented zones, whereas microsegmentation applies security policies at the individual workload or application level. Microsegmentation allows organizations to implement East-West traffic control within their data center, rather than only North-South traffic controls for identifying traffic leaving the network. It provides deep visibility into network traffic flows, including which applications are communicating with each other. Healthcare organizations can enable strict isolation and monitoring of systems that handle sensitive data such as protected health information (PHI), which can simplify HIPAA Security Rule compliance.
Microsegmentation protects internal workloads from applications without authorized access, and can be applied to on-premises and hybrid environments. It reduces the attack surface and greatly limits the potential for lateral movement. In the event of compromise, attackers are contained within a microsegment, limiting the harm they can cause and the data they can access.
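To make the East-West control described above concrete, here is an added example (not code from The HIPAA Journal, Omdia, or Elisity) that models the difference between a coarse VLAN zone and a per-workload identity policy. The host names, identity labels, ports, and flows are constructed for illustration; the identity-label scheme and the default-deny rule are assumptions of the example, not a description of any vendor's product.

```python
"""Toy identity-based microsegmentation policy engine (constructed example).

Models two ways of deciding whether an East-West flow is allowed:
  * vlan_allows:     traditional model, any two hosts in one VLAN may talk
  * microseg_allows: identity model, the flow must match an explicit
                     identity-to-identity rule; everything else is denied
Then evaluates a constructed set of flows, including a lateral-movement
attempt from a compromised clinical workstation to the PHI database.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Workload:
    name: str
    identity: str  # role label used by the identity policy (assumed scheme)
    vlan: int      # coarse zone used by traditional segmentation


# Constructed inventory: every clinical host sits in the same VLAN, as is
# common when segmentation stops at the zone level.
WORKLOADS: Dict[str, Workload] = {
    "ws-nurse-01": Workload("ws-nurse-01", "clinical-workstation", 10),
    "emr-app": Workload("emr-app", "emr-app", 10),
    "emr-db": Workload("emr-db", "phi-database", 10),
    "infusion-pump-7": Workload("infusion-pump-7", "iomt-device", 10),
    "visitor-laptop": Workload("visitor-laptop", "unmanaged", 10),
}

# Identity-based allow list: (source identity, destination identity, port).
# Any flow not listed here is denied (default deny).
POLICY: List[Tuple[str, str, int]] = [
    ("clinical-workstation", "emr-app", 443),
    ("emr-app", "phi-database", 3306),
    ("iomt-device", "emr-app", 443),
]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int


def vlan_allows(flow: Flow) -> bool:
    """Traditional model: same VLAN means unrestricted East-West traffic."""
    return WORKLOADS[flow.src].vlan == WORKLOADS[flow.dst].vlan


def microseg_allows(flow: Flow) -> bool:
    """Identity model: allowed only if an explicit identity rule matches."""
    src_id = WORKLOADS[flow.src].identity
    dst_id = WORKLOADS[flow.dst].identity
    return (src_id, dst_id, flow.port) in POLICY


def evaluate(flows: List[Flow]) -> List[dict]:
    """Verdict per flow under both models; flags flows the VLAN model would
    have passed but the identity policy contains (the lateral-movement cases)."""
    results = []
    for f in flows:
        v = vlan_allows(f)
        m = microseg_allows(f)
        results.append({
            "flow": f"{f.src}->{f.dst}:{f.port}",
            "vlan": "allow" if v else "deny",
            "microseg": "allow" if m else "deny",
            "lateral_movement_contained": v and not m,
        })
    return results


# Constructed flows: two legitimate application paths, then a compromised
# workstation reaching for the PHI store directly, and an unmanaged visitor
# laptop trying to reach an IoMT device.
SAMPLE_FLOWS: List[Flow] = [
    Flow("ws-nurse-01", "emr-app", 443),
    Flow("emr-app", "emr-db", 3306),
    Flow("ws-nurse-01", "emr-db", 3306),
    Flow("visitor-laptop", "infusion-pump-7", 22),
]


def contained_count(flows: List[Flow] = SAMPLE_FLOWS) -> int:
    """Number of flows the VLAN model allows but identity policy denies."""
    return sum(1 for r in evaluate(flows) if r["lateral_movement_contained"])


if __name__ == "__main__":
    for r in evaluate(SAMPLE_FLOWS):
        print(r)
```

Running the block shows the two legitimate paths allowed under both models, while the workstation-to-database and visitor-to-pump flows are allowed by the VLAN check and denied by the identity policy. The denied entries are also the flows a defender would want logged and alerted on, since a workstation opening a connection straight to the PHI database is exactly the East-West traffic the article says traditional segmentation leaves invisible.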
The study was conducted on 352 healthcare and manufacturing security leaders by Omdia, on behalf of the network segmentation specialists Elisity. The survey revealed that 99% of respondents were implementing or planning to implement microsegmentation, with 57% of respondents ranking microsegmentation as their main initiative to prevent lateral movement; however, they were slow to fully implement it. Only 9% of respondents had implemented it across 80% or more of critical systems, and just 6% in healthcare. While microsegmentation ranked first among planned priorities, it ranked close to the bottom, at 24%, among currently deployed zero-trust architectures.
There have been challenges with implementing microsegmentation in the past; however, modern identity-based microsegmentation is a different beast, as it requires no agents, no hardware changes, and no VLAN recognition. Instead, the policy is enforced directly on network switches. “Microsegmentation has matured, but many organizations still carry the scars of earlier, complex approaches. What’s changed is the architecture. Identity-based microsegmentation lets teams enforce precise policy on the switches they already run, so security becomes an enabler rather than a gate,” James Winebrenner, CEO, Elisity, said.
Most organizations still rely on VLANs, ACLs, and agent-based tools, which require constant rework and leave East-West exposure wide open, and progress with implementation has been slow. First-generation tools built around network location rather than identity have slowed real progress to a crawl, as agent-based and firewall-centric designs couldn’t uniformly cover IT, IoT, OT, or IoMT. According to Elisity, “These approaches had outdated or unsupported software (56%), high maintenance costs and hardware limitations (50%), and frequent failures or performance issues (43%).”
There have been challenges implementing microsegmentation in healthcare, especially with integrating SIEM, EDR, and SOAR. Respondents said visiting clinicians (74%) and clinical staff (72%) require the most granular policy attention, given the mix of managed and unmanaged devices moving through clinical environments. Many respondents lacked awareness of the ease and speed at which modern identity-based solutions can be deployed. Only 22% of respondents had hands-on experience of implementing microsegmentation, and most teams were still running legacy methods.
There is a clear desire to implement microsegmentation, and awareness of modern-identity-based microsegmentation is improving. “Our data shows the shift is on. Enterprises intend to deploy microsegmentation, and many now see modern solutions as easier and more effective,” said Hollie Hennessy, Principal Analyst, Omdia, who points out that with modern solutions, the timeline for implementation has shortened from years to weeks.