March 25, 2020 – Alert: HS2020-03: Multiple HealthShare Alerts

This post is part of the HealthShare HS2020-03 Alert communications process.  The same information is also distributed:

There are 7 alerts in the HealthShare HS2020-03 Alert communication, including the previously posted “Alert: Possible Data Integrity Issues after Compaction or Defragmentation”  The Alert Summary is in the table below, and the detail is contained in the attached document: HS2020-03-Communication


Product & Versions Affected

Risk Category & Score

HS2020-03-01: Break-the-Glass Events not Properly Audited for ODSHealthShare Unified Care Record 2019.1 and 2019.2 using the Operational Data Store4-High Risk (Privacy)
HS2020-03-02: Archiving of Historical Aliases Causes System HangHealthShare Patient Index 2018.1, 2019.1, and 2019.23-Medium Risk (Operational)
HS2020-03-03: Permissions to Access Patient Records Vary Between Clinical Viewer v1 and v2HealthShare Information Exchange and Unified Care Record v2 viewer in 2018.1, 2019.1 and 2019.24-High Risk (Privacy)
HS2020-03-04: Invalid Handling of Improperly Formatted Reference Ranges in HL7 V2 Result MessagesHealthShare Information Exchange 15.03 and 2018.1; Unified Care Record 2019.1 and 2019.23-Medium Risk (Clinical)
HS2020-03-05: AngularJS 1.5.8 VulnerabilityAll versions of HealthShare Personal CommunityExternal (Security)
HS2020-03-06: “LogCounter” in Access Gateway is Reset on UpgradeAll versions of HealthShare Information Exchange and Unified Care Record up to and including 2019.13-Medium Risk (Operational)
HS2020-03-07: Possible Data Integrity Issues after Compaction or DefragmentationAll HealthShare products starting from HealthShare 15.x and Personal Community 12.x and above.

HealthShare Health Connect 2019.1.0 and 2019.1.1 based on InterSystems IRIS®, and older Health Connect versions built on Cache/Ensemble 2016.2 and above.

2-Low Risk (Operational)

If you have any questions regarding this advisory, please contact the Worldwide Response Center (WRC).