FBI raids home of security researcher who unearthed data breach affecting 22,000

- Print  | 

A data software security researcher may face charges after he exposed an encryption vulnerability in a dental practice software company that compromised the data of 20,000 patients, reports The Daily Dot.

In February, Justin Shafer discovered an online File Transfer Protocol server operated by dental practice management software company Eaglesoft that contained a directory with patient data. Mr. Shafer alerted Patterson Dental, which manufactured Eaglesoft, of the publicly available patient data, according to the report.

But now, Patterson Dental is alleging Mr. Shafer "exceeded authorized access" when accessing the online server and is in violation of the Computer Fraud and Abuse Act, according to The Daily Dot.

Last week, the FBI showed up at Mr. Shafer's house and seized 29 items.

"I think it is a cowardly thing to do to my family," Mr. Shafer told The Daily Dot. "I think they owe me a thank you, and I think they owe the patients and covered entities an apology. I also feel like they should be heavily fined for storing patient data on an anonymous FTP site for years."

More articles on data breaches:

Managing insider cybersecurity risk: 5 key findings 
Unhealthy rise in healthcare privacy breaches: 5 tips to stay ahead of patient privacy threats 
Vendor misconfiguration breaches Children's National Health System patient data 

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

To receive the latest hospital and health system business and legal news and analysis from Becker's Hospital Review, sign-up for the free Becker's Hospital Review E-weekly by clicking here.