Looking Beyond the Breach: Recovery Analysis in Data Breach and Cyber Losses

By David Brisco, Esq. and Joe Rich, Esq. | June 10, 2014

  • June 22, 2014 at 1:49 pm
    D. Kellus Pruitt DDS says:
    Like or Dislike:
    Thumb up 0
    Thumb down 0

    Dear David Brisco and Joe Rich,

    Speaking of subrogation liability, Dentrix, the dental software vendor which you mention in your article, continued to advertise that their G5 dental software was encrypted 8 months after the Department of Homeland Security warned that their encryption was nothing more than “weak obfuscation.” (See: “Vulnerability Note VU#900031 Faircom c-treeACE database weak obfuscation algorithm vulnerability,” June 10, 2013”).

    This means there are very likely hundreds (?) of Dentrix customers who experienced stolen computers – and who still may be unaware that their dental patients’ identities contained in the lost files are not encrypted as promised. There could be tens of thousands of Americans at risk being blindsided by preventable identity thefts, just because an EDR vendor lied about encryption to boost sales at the risk of national security.

    This seems to me to be a huge liability for Schein Dental, parent company of Dentrix, and will never completely disappear.

    D. Kellus Pruitt DDS
    cc: American Dental Association
    cc: Dentrix



Add a Comment

Your email address will not be published. Required fields are marked *

*