NextGen Healthcare has identified an issue on the Significant Event report where failed password details are displayed in clear text instead of being encrypted to avoid being seen by other users. This issue could allow users access to the system using the information displayed on the report.

Example

In this example, the user attempts to log into NextGen Ambulatory EHR with an incorrect password. The user successfully logs into the system and navigates to File > Reports > Significant Events. In the Significant Events Report Filter, select Sig Events Msgs from the Settings List. The user clicks the File Open icon and launches the Significant Events Message pop-up. The user searches for Invalid Login Attempt – Username/Password in the Available Message field, adds it to the Included Message field, and clicks OK. The user selects Columns from the Settings List and selects the Sig Msg, Pre Mod, and Post Mod check boxes and clicks OK to generate the report. The user sees the incorrect password attempts are clearly displayed on the report.









Actions Required

There is no workflow workaround for this issue.

Until this issue is fixed, users may remove the rights to the Significant Event report.  The user should navigate to:  System Administrator > Groups > Rights > Operations > EHR Reporting Tool > Significant Events Reporting and remove the rights to the report.

Status

This issue will be fixed in a future update. Clients who are experiencing this issue can link their practice to existing known issues on the Client Support Center website (http://csc.nextgen.com), under the Known/Fixed Issues tab by selecting the affected product and searching by Issue ID and clicking Add Me!!

All information regarding NewsFlashes can be found on the Client Support Center website (http://csc.nextgen.com), in the NewsFlash Archive section under the Known/Fixed Issues tab.

Thank you for your continued support.
NextGen Healthcare