Found a vulnerability on a medical site? Get a visit from FBI gunmen



    An armed group of FBI agents broke into the house to an information security specialist who discovered data from 22,000 patients in the dental clinic in open access. Justin Schafer, that same specialist, woke up at 8.30 in the morning. He, his wife and three children were sleeping peacefully when someone started ringing at the doorbell and then knocking strongly on the door.

    “My first thought was that my father was dead, but when I came to the door, I saw blinking blue and red lights,” says the best man. When he opened the door, he saw more than 10 FBI agents. One of them aimed an assault rifle at Shafer. At the same time in his house, literally half a meter, there was a cot with a baby. The agents ordered Schafer to put his hands behind his back, and handcuffed him. My wife tried to explain that there were three small children in the house, and Schafer himself was not a criminal. He himself, being in his underpants, did not understand at all what was happening and why. Over the next few hours, the agents seized all computer hardware and Schafer devices. Even Dentrix magazines were seized (there were 29 items in total for the FBI). At home there was only his wife's phone.



    Screenshot from Eaglesoft ftp-server

    And only then Schafer found out why the FBI descended on his house. It turned out that the reason was the detection by an expert of the FTP server of Eaglesoft, a manufacturer of medical software for dentists. As it turned out, the data of thousands of patients of stomatology was stored on this server, and anyone could get access to them. Shafer contacted the administration of DataBreaches.net, asking to notify the software manufacturer. As soon as the vulnerability was eliminated, he published information about his discovery . A little later, the specialist discussed the problem in his blog .



    As it turned out, Patterson Dental, a company whose division is Eaglesoft, accused Schafer of unauthorized access to Eaglesoft servers and patient data. As a result, the information security specialist did not receive thanks from the company, whose problem he solved, but he received a whole bunch of armed guests with subsequent problems in the form of proceedings with the FBI.
    Tags:

    Also popular now: