SoylentNews is people

posted by martyb on Friday April 21 2017, @02:22PM
from the IPO-plans-now-require-unobTanium dept.

Information security company Tanium is a relatively well-established "next-generation" cybersecurity vendor that was founded 10 years ago—far ahead of the wave of the venture capital-funded newcomers, like Cylance, who have changed the security software space. (Tanium has reached a market valuation of more than $3 billion, though there are no indications of when it will make an initial public offering.)

Starting in 2012, Tanium apparently had a secret weapon to help it compete with the wave of newcomers, which the company's executives used in sales demonstrations: a live customer network they could tap into for product demonstrations. There was just one problem: the customer didn't know that Tanium was using its network. And since the customer was a hospital, the Tanium demos—which numbered in the hundreds between 2012 and 2015, according to a Wall Street Journal report—exposed live, sensitive information about the hospital's IT systems. Until recently, some of that data was shown in publicly posted videos.

In 2010, Tanium's software was installed at Allscripts Healthcare Solutions' El Camino Hospital (which markets itself as "the hospital of Silicon Valley") in Santa Clara County, California. The hospital no longer has a relationship with Tanium. While Tanium did not have access to patient data, the demos showed desktop and server management details that were not anonymized.

"The hospital did not authorize desktop management data or other information to be used in any product demonstration and was not previously aware of these demonstrations or videos," El Camino Hospital told the Journal's Rolfe Winkler. "We are dismayed to learn that desktop and server management information was shared. We are thoroughly investigating this matter and take our responsibility to maintain the integrity of our systems very seriously."

[...] CEO Hindawi: "Viewers didn't connect demo to that customer for years."

Additional Coverage: WSJ, BI, HealthDataManagement, Ars Technica, Bloomberg.


  • (Score: 3, Insightful) by DannyB on Friday April 21 2017, @02:39PM


    Even if this was pre-arranged with the victim hospital through some lower level employee, this still demonstrates an appalling security breach on both the part of the victim hospital and especially Tanium.

    --
    The lower I set my standards the more accomplishments I have.