AISLE Discovers 38 Critical Security Vulnerabilities in Healthcare Software Used by 100,000 Providers

AISLE and OpenEMR partner to uncover and remediate critical vulnerabilities while establishing continuous AI-driven security for healthcare systems

SAN FRANCISCO and PRAGUE, April 28, 2026 (GLOBE NEWSWIRE) -- AISLE today announced that its autonomous analyzer has discovered 38 critical security vulnerabilities in OpenEMR, the world’s most widely used open source electronic medical records platform. These issues, two of which were designated critical severity with CVSS scores of 10.0, could have been exploited to access and rewrite patient and provider data, posing a serious health and regulatory risk to individuals and institutions.

OpenEMR is used by more than 100,000 medical providers, serving more than 200 million patients in 34 languages. While it is widely adopted in the United States, it also plays a significant role in under-resourced settings worldwide.

AISLE disclosed 39 GitHub Security Advisory (GHSA) vulnerabilities, including critical, high, and moderate severity findings, all of which were patched by the OpenEMR maintainers. This total represents more than half of all OpenEMR GHSAs reported during Q1 of 2026. Underscoring the severity of the disclosures, 38 of the 39 security issues received CVE designations.

“These disclosures reflect the growing threats that healthcare institutions face in the age of AI,” says Stanislav Fort, co-founder and chief scientist at AISLE. “Because human lives and identities are at stake, few issues are as critical as ensuring that medical codebases are secure. AISLE’s collaboration with OpenEMR shows that AI-driven analysis can help dedicated, lean teams defend vital systems and remain compliant.”

Empowering open source projects with AI

While reporting and remediating these vulnerabilities, OpenEMR and AISLE began a partnership to secure the open-source electronic medical records codebase for years to come. To that end, OpenEMR maintainers now have access to AISLE’s AI-native AppSec platform, enabling them to automatically detect, triage and fix software vulnerabilities. OpenEMR can now focus on hardening defenses without adding new team members.

Importantly, OpenEMR maintainers are not only using AISLE to secure their production code. They are also resolving security issues before they reach production with AISLE’s AI-powered vulnerability analyzer, which delivers fixes as pull request comments in GitHub.

Executive director of the OpenEMR Foundation Brady Miller said, “For a project like OpenEMR, where the stakes are patient safety and health data privacy, we couldn't be more excited about our partnership with AISLE. Their autonomous analyzer uncovered dozens of vulnerabilities in our codebase. Now, with AISLE's analyzer running at the code review stage, we're catching and fixing vulnerabilities before they ever reach production.”

By using AI to unify issue discovery, triage and patching, the OpenEMR maintainers are better positioned to withstand the growing risks to electronic medical records. For more information on the discoveries, visit the AISLE blog.

About AISLE™

AISLE is the autonomous, AI-native application security platform that automatically finds, triages, and fixes software vulnerabilities. It plugs into existing code repositories, understands the context of each project, and produces verified code fixes that humans can review and approve. It consolidates four previously fragmented security capabilities into a single platform.

Contact:
Jennifer Tanner
aisle@lookleftmarketing.com
Look Left Marketing

