![]() ![]() It is because of Shafer's work that the FTC investigated Henry Schein for false advertising, which they eventually settled for a fine and agreement to notify customers that the product was not encrypted. In reality, there was no encryption, and it was basically just ROT-13 over the wire. The company had falsely advertised their product as having data encryption for HIPAA compliance. It wasn't until Shafer demonstrated a proof-of-concept to trivially get information from the product (and described it publicly) that they begrudgingly changed it (imperfectly). The product was using hardcoded database credentials for software running in about half the dental offices in America, which stores the medical records of tens of millions of Americans. Shafer discovered several massive security weaknesses in the market-leading dental practice management software, Dentrix by Henry Schein. I found on a forum post that Shafer had personally tweaked the driver to work on Windows 7, and when I reached out to him he gave it to me free of charge, saving our client around $20,000 in pointless capital costs. ![]() The manufacturer no longer supported the product (a glorified USB webcam on a stick), and the new model cost high four figures. I once needed to get a legacy medical device (intraoral camera) from the XP era working on Windows 7. He has Aaron Swartz-level integrity and public service. Justin Shafer is the hero dental IT needs. This story affects me personally I work in this industry. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |