AI uncovers 38 vulnerabilities in largest open source medical record software (aisle.com)

🤖 AI Summary
AISLE has disclosed 38 critical vulnerabilities (CVEs) in OpenEMR, one of the largest open-source electronic health record systems, used by over 100,000 medical providers. This discovery highlights a pressing security gap in healthcare software as digital transformation accelerates without commensurate security upgrades. OpenEMR's latest version, released in February 2026, is deemed essential for protecting sensitive patient data, and the newly uncovered vulnerabilities could have allowed significant attacks, including SQL injection leading to database compromises and remote code execution. The rapid identification of these CVEs, more than were found in a significant prior audit conducted in 2018, was facilitated by AISLE's AI-powered analysis tools. The partnership between AISLE and OpenEMR allowed for swift remediation, with most fixes implemented within weeks of discovery. This collaboration not only enhances the security of OpenEMR but also sets a precedent for leveraging autonomous tools to bolster healthcare application security, ultimately prioritizing patient safety and data privacy. The integration of AISLE’s analysis into OpenEMR’s code review process aims to prevent future vulnerabilities, illustrating an effective model for securing critical healthcare infrastructure in an evolving threat landscape.