Security Operations, Data Security, Privacy, Vulnerability Management

Practice by Numbers fixes patient data exposure bug

A digital representation of a data leak warning, featuring glowing red text against a dark, high-tech background.

(Adobe Stock)

Practice by Numbers, a developer of patient management software used in thousands of dental offices, has fixed a security flaw that exposed the private health records of patients on a portal bundled with its software, based on information published by TechCrunch.

A patient, Joseph R. Cox, discovered the vulnerability, which allowed any user with portal access to view other patients' documents, including personal information, medical histories, and photo identification. The bug was exploitable by altering document numbers in the web address, and these numbers appeared to be sequentially incremental, making it easy to guess other patients' file numbers. Cox faced difficulties reporting the issue to Practice by Numbers, as the company's website had a broken email address and did not respond to LinkedIn messages.

TechCrunch alerted the company on April 13, leading to the patient portal being taken offline for a fix and brought back online on April 17. Practice by Numbers stated that fewer than 10 patients were affected and that they had not found evidence of prior exploitation. The company plans to update its website to provide a channel for reporting security issues, though no timeline was given.

Source: TechCrunch

Related

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

BitCold Warm Hot Disaster Recovery SiteCountermeasureCronCryptographic Algorithm or HashData AggregationDigital CertificateDigital SignatureDigital Signature Standard (DSS)Identity Theft

You can skip this ad in 5 seconds