25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Vulnerability Identified in Philips Tasy EMR

Posted By on May 1, 2019

A vulnerability has been identified in the Philips Tasy EMR information system. If exploited, an attacker could send unexpected information to the system, execute arbitrary code, alter information flow, and gain access to patient information.

The flaw was identified by security researcher Rafael Honorato who reported the vulnerability to Philips, which reported the flaw to the National Cybersecurity and Communications Integration Center. An advisory about the vulnerability was issued by ICS-CERT on April 30, 2019.

The vulnerability – CVE-2019-6562 – is present in Tasy EMR versions 3.02.174 and earlier, and mostly affects healthcare providers in Brazil and Mexico. The vulnerability has not been exploited in wild and no public exploits have been identified.

The cross-site scripting vulnerability is caused by improper neutralization of user-controllable input during web page generation. The vulnerability requires a low level of skill to exploit by an individual on the customer site or connecting via a VPN. Despite the potential for information exposure, the vulnerability has been assigned a CVSS v3 base score of 4.1 out of 10.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

According to the Philips advisory, “Philips analysis has shown that it is unlikely that this vulnerability would impact clinical use, due to mitigating controls currently in place. Philips analysis indicates that there is no expectation of patient hazard due to this issue.”

Philips has advised all users of Tasy EMR to update to the latest three versions of the software as soon as possible and to ensure Service Packs are applied promptly. Philips will be patching hosted solutions automatically and users who have installed Tasy EMR on-premise will receive alerts when new software versions are released.

Additionally, Philips recommends following the instructions in the product configuration manual and ensuring that Tasy EMR is only accessible over the internet via a VPN.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist