A software security researcher may face charges after he exposed an encryption vulnerability at a dental practice software company that compromised the data of 20,000 patients, reports The Daily Dot.
In February, Justin Shafer discovered an online File Transfer Protocol server operated by dental practice management software company Eaglesoft that contained a directory with patient data. Mr. Shafer alerted Patterson Dental, which manufactured Eaglesoft, to the publicly available patient data, according to the report.
But now, Patterson Dental is alleging Mr. Shafer "exceeded authorized access" when accessing the online server and is in violation of the Computer Fraud and Abuse Act, according to The Daily Dot.
Last week, the FBI showed up at Mr. Shafer's house and seized 29 items.
"I think it is a cowardly thing to do to my family," Mr. Shafer told The Daily Dot. "I think they owe me a thank you, and I think they owe the patients and covered entities an apology. I also feel like they should be heavily fined for storing patient data on an anonymous FTP site for years."