Headline
CVE-2023-37679: NextGen Healthcare
A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.
NextGen Healthcare
Ranked #1 EHR and PM by Black Book Research
The Electronic Health Records and Practice Management (PM) by NextGen Healthcare were top ranked by independent healthcare analyst firm Black Book Research for the sixth consecutive year. NextGen Healthcare was ranked #1 EHR in 6–10, 11–25 and 26–99 Physician Groups (All Specialties) and #1 PM solution in all Physician Groups with 6–99 providers in the 2023 Ambulatory EHR PM User Survey.
Read More
What problem can we help you solve?
Practice size
My biggest challenge is
Get Started
Learn more about what we do****Our integrated platform increases productivity, improves financial outcomes, eases information exchange, and enriches the patient experience.
- Streamline and customize workflows
- Improve care team collaboration
- Document with Mobile and gain more face time with patients
- Stay current with regulatory requirements
- Improve patient engagement
- Decrease staff time spent on tedious tasks
- Deliver care conveniently with telehealth
- Enable direct connections with patients
- Target higher-risk patients to close gaps in care
- Identify patients with potential to impact outcomes
- Coordinate care with seamless communication Identify fee-for-service revenue opportunities
- Exchange meaningful information securely
- Connect disparate systems to any device
- Access data from other providers, organizations and EHRs
- Support the latest interoperability and align with Meaningful Use
- Provide better check-in and billing
- Automate charge creation
- Ensure clean claims and reduce denials
- Monitor performance and gain insights
NextGen Office
Small practices
An all-in-one solution to run your practice so you can focus on care. Practice the way you want with an award-winning, cloud-based EHR that includes a practice management platform and a patient portal.
Learn more
NextGen Enterprise
Mid-size to enterprise practices
A powerhouse EHR solution that’s scalable and adaptable to suit your specialty, workflow, and preferences. With robust specialty-specific clinical content, best-in-class practice management, advanced analytics, RCM, Clearinghouse, patient engagement, and mobile documentation, we’ve got you covered.
Learn more
Experience the benefits of one system, one partner
An EHR system that works seamlessly across the entire organization—EHR, practice management (PM), interoperability, patient self-scheduling, virtual visits, check-in, examination, documentation, check-out, billing, etc. is ideal.
Clinical templates for 26 specialties
Designed with all the productivity tools and reporting capabilities providers need, we have pre-built clinical content for 26 specialties to help you achieve better outcomes. Plus, you can configure the templates to your heart’s delight.
A virtual front door
People expect an excellent digital experience to connect with your practice. Our solutions make it easy for your patients to communicate with your practice, schedule appointments, access their medical records, complete forms, and pay their bills.
Care for your community
Manage the care of your community with a powerful population health solution. Our user-friendly population health solutions sync with your EHR, provide risk stratification of your patient population, help identify gaps in care, and support patient outreach.
A Mobile EHR
With a mobile extension of your practice, you give providers an easier way to work, from anywhere. The access enabled by a mobile EHR means you can treat patients anywhere—and all documentation flows into the patient chart automatically.
The right data now
Securely exchange health information and connect disparate systems across a patient’s entire spectrum of care, easily. Better interoperability is defined by capabilities that boost speed, security, cost-effectiveness, and compliance. Get the data you need when and where you need it.
Secure hosting with AWS
Focus on patient care, not IT management. Scalable, cloud-based hosting services can help reduce the burden of health IT maintenance, speed implementations, simplify upgrades, and cut technology costs. Amazon Web Services (AWS) offer world-class security capabilities and system performance.
People are loving NextGen Healthcare
Hear what our clients have to say about us
****Our clients are making healthcare better****
Everything we do is with our clients in mind. Our solutions are driven by our clients’ input, designed with their needs at the center. Every decision we make is to help our clients become more successful, to improve their clinical and financial outcomes, and to strengthen the health of their communities. We are grateful for our clients every day, in every corner of this company.
We needed a solution that offers meaningful insights to support and sustain our growth. An added benefit of this fluid functionality and connectivity is that it streamlines processes for our staff and provides a better work/life balance for our doctors.
CMO Morris Heights Health Center
Related Content
Learn more about NextGen Healthcare solutions
****The results speak for themselves****
Our solutions have garnered many accolades, but we’re most proud of improving the lives of patients and providers. We continue to develop innovations that help make healthcare better for everyone.
Ready to upgrade your practice?
Make the switch to NextGen Healthcare
Related news
A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and assigned CVE-2023-37679. Later, researchers from Horizon3.ai determined the patch to be incomplete and published a gadget chain which bypassed the deny list that the original had implemented. This second vulnerability was assigned CVE-2023-43208 and was patched in Mirth Connect version 4.4.1. This Metasploit module has been tested on versions 4.1.1, 4.3.0 and 4.4.0.
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. This is a bypass of the patch put in for CVE-2023-37679.
Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as CVE-2023-43208, the vulnerability has been addressed in version 4.4.1 released on October 6, 2023. "This is an easily exploitable, unauthenticated remote code