The Federal Trade Commission issued a press release today regarding a case against Henry Schein Practice Solutions’ deceptive claims that G5 is “encrypted”. HSPS was fined $250,000 and will have to notify all users that the product does not provide encryption to NIST standards. The proposed notification letter isn’t kind to HSPS. You can read it here.
As customers, you expect your vendors to reasonably secure products sold to you. There have been many people publicly screaming for vendors to do something, anything better than mere obfuscation that is passed off as encryption. It’s too bad that the HSPS wouldn’t do anything at their customer’s request instead of being forced to by the FTC.
We should expect this is the first of many such reports to surface about false claims or omissions of security in the dental world. Be cautious of your Business Associates and hire a qualified IT professional to encrypt your server properly. We as IT providers take a muliple layered approach to security and never trust a vendors claim to be your sole source of encryption.