Software Company to Pay Fine to FTC for Deceptive Encryption Claims

The United States FTC recently imposed a fine on one software vendor because it allegedly made false claims regarding the encryption capabilities of its product. This' despite the United States CERT (Computer Emergency Readiness Team) publicly warning against doing so.

FTC said that Henry Schein lied about its Dentrix G5 computer application as using encryption of industry standard while also ensuring the software's users about safeguarding patient data as accords to the Health Insurance Portability and Accountability Act (HIPAA).

The HIPAA-based security guidelines maintain that it's necessary to encrypts data using the best quality encryption algorithms such as Advanced Encryption Standard (AES) or even higher. Further according to HIPAA, if any organization loses its laptop, which had medical details in it, then that organization needn't inform about a data hack event to officials practicing law provided AES or higher had been used for encrypting the medical details.

During June 2013, a note about people's susceptibility, which the US-CERT declared, cautioned that Schein's product didn't have proper encryption. The alert as well addressed a problem affecting one similar software program that Faircom sold, one more software maker. Softpedia posted this, January 10, 2016.

FTC, while lodging its complaint against Schein, alleged the software company knew that Dentrix G5 employed one not so complex method for database camouflaging for safeguarding patient data instead of AES. Incidentally, the National Institute of Standards and Technology recommends Advanced Encryption Standard as basic for the industry while it also provides suitable safeguard towards obtaining some specific regulatory obligations within the purview of HIPAA. Yet Schein, over 2-yrs, proclaimed its software's "encryption capabilities" towards safeguarding database on patients as well as obtaining 'data protection rules' within several marketing materials, particularly brochures/newsletters meant for dentists.

And since FTC began a probe, in 2014 post January, Schein created fresh materials for its product's promotion wherein it used "data camouflage" substituting "data encryption."

On 5th January, 2015, as per a settlement between FTC and Schein, the latter would have to pay a $250K/EUR228K fine. Besides, Schein would've also to disclose before ex-clients about the spurious advertising it used that could induce certain extra lawsuits and charge-backs.

» SPAMfighter News - 1/14/2016