Tanium allegedly exposes California hospital's IT network during product demos

Tanium, an Emeryville, Calf.-based cybersecurity startup, allegedly exposed Mountain View, Calf.-based El Camino Hospital's private IT network during multiple product demonstrations without the hospital's permission, according to The Wall Street Journal.

Here are five things to know.

1. Tanium, which is valued at $3.5 billion, provides software to help organizations map their computer networks and identify vulnerabilities. Tanium reportedly pitched its products to potential clients through a demonstration that showed how the software works within the network of a hospital, according to three demonstration videos posted online by Tanium and its resellers.

These presentations were reportedly given hundreds of times between 2012 and 2015, people familiar with the matter told The Wall Street Journal.

2. The network in these demonstrations was El Camino Hospital. The three videos allegedly included images of the hospital's private network information, such as servers, vulnerabilities and some personnel information. The three online videos have since been taken down, following inquiries from The Wall Street Journal.

3. However, El Camino Hospital officials said the hospital did not give Tanium permission to present its network in product demonstrations.

"El Camino Hospital was recently made aware that Tanium, a former third-party vendor that provided a desktop management program, had been using hospital desktop and server management information as part of a sales demonstration," El Camino Hospital told Becker's Hospital Review via email. "El Camino Hospital was not aware of this usage and never authorized Tanium to use hospital material in any sales material or presentation. El Camino Hospital is thoroughly investigating this matter and takes the responsibility to maintain the integrity of its systems very seriously. It is important to note that Tanium never had access to patient information and, based on our review to date, patient information remains secure."

4. Tanium reportedly stopped using footage of the hospital's network in its demonstrations in mid-2015. In a statement to The Wall Street Journal, Tanium said: "In the early days of our company, Tanium periodically demoed our product using a live customer environment, to which the customer had provided us remote access."

In a post on Tanium's blog, the company's co-founder and CEO Orion Hindawi emphasized Tanium does not have access to clients' network environments for product demonstrations unless explicitly provided to the company, adding "we take responsibility for mistakes in the use of this particular customer's demo environment. We should have done better anonymizing that customer's data." He also said "we do not believe we ever put our customer at risk with the data we showed."

5. In Tanium's statement to The Wall Street Journal, the company also emphasized it is unable to access systems without clients' permission, and "under no circumstances today can Tanium utilize a customer's installation to collect data from their systems or users without explicit customer permission and interaction."

Editor's note: This article has been updated to include a statement from El Camino Hospital.

More articles on health IT:
IBM's total revenue declines 3%, cloud revenue rises 33% in Q1
Trump signs executive order targeting specialty work visas: 5 things to know
78% of healthcare execs rank employee education as top cybersecurity threat

© Copyright ASC COMMUNICATIONS 2017. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months