1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hard-coded credentials placing dental offices at risk

Discussion in 'CSO' started by RSS, May 19, 2015.

  1. RSS

    RSS New Member Member

    Henry Schein is one of the largest names in the dental industry. The company says that more than 35,000 dental practices rely on their flagship product – Dentrix – to cover both the clinical and business side of day-to-day operations.

    The downside to this large market share, according to researcher Justin Shafer, is that Dentrix customers have been unknowingly exposed to risk and regulatory action after the latest version of the software shipped with a flaw that was supposed to have been patched two years ago.

    Another troubling aspect to this story is the silence from US-CERT on the matter. The vulnerability was disclosed US-CERT last year, but nothing's happened since. Considering patient data is being placed at risk from both network-based and physical attacks; the situation is one where responsible (coordinated) disclosure has failed. That's unfortunate, because the researcher did everything right, but the problem remains.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page