March 25, 2020 – Alert: HS2020-03: Multiple HealthShare Alerts
This post is part of the HealthShare HS2020-03 Alert communications process. The same information is also distributed:
There are 7 alerts in the HealthShare HS2020-03 Alert communication, including the previously posted “Alert: Possible Data Integrity Issues after Compaction or Defragmentation” The Alert Summary is in the table below, and the detail is contained in the attached document: HS2020-03-Communication
|Product & Versions Affected|
Risk Category & Score
|HS2020-03-01: Break-the-Glass Events not Properly Audited for ODS||HealthShare Unified Care Record 2019.1 and 2019.2 using the Operational Data Store||4-High Risk (Privacy)|
|HS2020-03-02: Archiving of Historical Aliases Causes System Hang||HealthShare Patient Index 2018.1, 2019.1, and 2019.2||3-Medium Risk (Operational)|
|HS2020-03-03: Permissions to Access Patient Records Vary Between Clinical Viewer v1 and v2||HealthShare Information Exchange and Unified Care Record v2 viewer in 2018.1, 2019.1 and 2019.2||4-High Risk (Privacy)|
|HS2020-03-04: Invalid Handling of Improperly Formatted Reference Ranges in HL7 V2 Result Messages||HealthShare Information Exchange 15.03 and 2018.1; Unified Care Record 2019.1 and 2019.2||3-Medium Risk (Clinical)|
|HS2020-03-05: AngularJS 1.5.8 Vulnerability||All versions of HealthShare Personal Community||External (Security)|
|HS2020-03-06: “LogCounter” in Access Gateway is Reset on Upgrade||All versions of HealthShare Information Exchange and Unified Care Record up to and including 2019.1||3-Medium Risk (Operational)|
|HS2020-03-07: Possible Data Integrity Issues after Compaction or Defragmentation||All HealthShare products starting from HealthShare 15.x and Personal Community 12.x and above.|
HealthShare Health Connect 2019.1.0 and 2019.1.1 based on InterSystems IRIS®, and older Health Connect versions built on Cache/Ensemble 2016.2 and above.
|2-Low Risk (Operational)|
If you have any questions regarding this advisory, please contact the Worldwide Response Center (WRC).