Analecta Cyber Company Blog: CIMA DocuClass Healthcare Solution Vulnerable to Data Extraction

2016-07-06


Earlier today Karn Ganeshen released details of several exploits that allow an attacker to bypass authentication and extract ePHI records stored in the CIMA DocuClass storage system used by many healthcare providers.

Specifically, an access control flaw allows an attacker to easily access any records stored in the system without requiring a user logon.

Other exploits were also identified; however, the unauthenticated access poses the most immediate threat at this time.

WARNING: If you are using the CIMA DocuClass solution and it is publicly accessible, we recommend you immediately disconnect the system from any network and investigate recent access audit logs.

We have attempted to contact CIMA for information about a patch but have not heard back yet.

Updated 16 July, 2016

The vendor, CIMA, has not returned any calls or emails requesting further information.

Recommended Response

1. Ensure that any DocuClass system you are operating is accessible only internally.
2. Increase logging and monitoring of the system.
3. Plan a transition from DocuClass to a comparable technical solution.
4. Implement the new technical solution.

Analecta is able to provide assistance with technical logging and monitoring of the CIMA DocuClass system to assist you in protecting critical ePHI during your transition to a new solution. Contact us at info@analecta-llc.com.


The original researcher provided the following link: ipositivesecurity.blogspot.com
More information about the series of exploits can be found here: https://www.exploit-db.com/exploits/40059/