SAP EMR Unwired

Functions

SAP EMR Unwired is the mobile application providing to medical personnel data access of the patient in any place of medical institution. The application connects to clinical a backend systems, information on hospital and image processing systems (PACS) and allows to browse data of the patient in a convenient format.

Basic functions of SAP EMR Unwired:

• Work with the relevant list of patients from the clinical systems and the filter of the work flows given for optimization
• Accomplishment of record of clinical data with use of tests, photos and audio-files
• Viewing pictures of X-ray and tomography (pictures for not diagnostic purposes), documents and clinical orders
• Creation of individual albums of pictures of patients on the specified PACS systems
• Monitoring of key indicators of a status of patients, results of laboratory researches and diagnoses and check of notes on a course of disease
• Viewing the integrated special web pages, contents of the intranet and HTML5 applications

In mobile applications of SAP dangerous vulnerabilities are detected

On December 23, 2013 the Digital Security company announced detection of vulnerabilities in mobile applications of SAP for health care. As the director of the research center Digital Security Dmitry Evdokimov who detected them explained TAdviser, vulnerabilities were in two applications - SAP EMR Unwired and SAP Clinical Task Tracker. The first of them is intended for access for medical staff to data of patients from mobile devices, and the second provides access to clinical tasks, the appointed patients.

According to Evdokimov, in total he found five vulnerabilities in these applications among which - a non-authorized access (Unauthorized access), passwords (Hardcoded password for key store) sewed in the code and disclosure of critical information (Information Disclosure).

Interface of mobile application SAP EMR Unwired

Digital Security also reported that recently SAP closed the designated "holes". Digital Security sent their description to SAP on behalf of ERPScan, the subsidiary international company, in April, 2013, but partnership about SAP and the available arrangements did not allow to announce the found vulnerabilities until they are closed, adds to the companies.

"As always, our partners of SAP AG showed a responsible attitude to security of the products, including, and prerelease. Following the best world practices of security of business applications, SAP AG closely cooperates with independent researchers of security and, according to the advanced methodology of SDLC, aims to close possible vulnerabilities in the products as soon as possible", – note in Digital Security.

The company notes that it was the first case of closing of vulnerabilities in the mobile applications of SAP found the third-party company.

"Vulnerabilities on type quite widespread. Another thing is that before vulnerabilities nobody found in mobile applications of SAP. But in the nearest future there will be for certain more and more different "holes" in mobile platforms as they become more popular", – Dmitry Evdokimov told TAdviser.

The Russian representative office of SAP noted that one of popular IT trends is BYOD (Bring Your Own Device) today, and, respectively, wide circulation of the mobile applications intended for a full-fledged work from mobile devices of remote workers from the most different industries is characteristic. With respect thereto also the number of the viruses attacking mobile workers increases. For example, according to data of McAffee company, the famous antivirus software vendor, in the third quarter the number of malware for mobile devices doubled 2012, and the number of attempts of cracking of databases for the same period increased up to the record sizes, brought data into the companies.

"SAP as one of leaders in the market of corporate applications, quickly monitors a situation and timely works on protection against external influences of the software, doing it safe and providing protection against again developing viruses and malware. Use of license software, the correct support and operational software updating give to our customers confidence in data protection", – told TAdviser in the Russian representative office of SAP.