Security vulnerabilities in OpenEMR, one of the world’s most popular open-source medical management software, have left the personal information of more than 90 million patients exposed, the BBC reports. Researchers discovered nearly 30 security bugs.

OpenEMR is used to store medical records, coordinate scheduling, and to manage billing.  Within the United States, it tracks the personal medical data of more than 30 million people. Gizmodo reports, “Eighteen of the bugs were designated as having a ‘high’ severity and could’ve been exploited by hackers with low-level access to systems running the software.” The BBC says the vulnerabilities could have given hackers “wide access to medical records.”

Open-source software like OpenEMR is often favored for its flexibility because developers can quickly and easily customize it for their needs. Many believe because it has so many people working with it, that security issues would be more visible, and therefore easier to fix. However, that visibility could also potentially extend to hackers.

Patches for the OpenEMR bugs have been released to users, and shared with partners and cloud customers.

Get the full story at the BBC.