Cybersecurity Startup Exposed Network Data of Hospital in Demos

Tanium, a cybersecurity startup, is in trouble after it exposed data of non-anonymized network of a hospital in California during live demonstrations of product as well as online videos.

The California hospital is one client of Tanium, and although the firm claims that they had the permission of using the California hospital's environment; Orion Hindawi, CEO of the company, in open letter admits to their consumers that they "should have done better anonymizing that customer's data."

The confession about leakage of data comes after WSJ (Wall Street Journal) reported on 19th April, stating that staff of Tanium and the CEO Hindawi has done many presentations for the potential customers since early 2012 till mid-2015 which relied on probing El Camino Hospital network based in the Santa Clara, California.

Journal reported that the demonstrations came to halt when Tanium have lost access of hospital's network, and then Tanium started to search another customer ready to give its permission. Minimum 3 demonstration videos are posted online, including 1 on the YouTube, in 2012, by one reseller. Bankinfosecurity.com posted on April 20th, 2017, that all of them are at this time been taken down.

Tanium's presentation exposed information which includes private network information, computer and server names, security vulnerabilities, antivirus software versions as well as personnel details of El Camino Hospital.

It is not clear that whether the firm got permission of using the network of hospital in the demonstration. The leakage of data might complicate relationship of Tanium with its present customers as well as potential fresh accounts.

El Camino Hospital has commented that "we are thoroughly investigating this matter and take our responsibility to maintain the integrity of our systems very seriously."

A spokesperson of the Allscripts Healthcare Solutions, healthcare technology company who have installed the software of Tanium on hospital's network in the year 2010, told the ISMG that they haven't permitted Tanium to use network of hospital for demonstrations. Anyway, the demos stopped once the security firm has lost access of the network and were pulled offline since then.

Moreover, security firm also is facing criticism after surfacing of report early this week, stating that its CEO is accused of unpleasant behavior along with questionably terminating the senior employees. Hospital has confirmed that no information of patient was shared in demos of Tanium.

» SPAMfighter News - 4/26/2017