DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Dentrix taking steps in the right direction

Posted on January 20, 2014 by Dissent

Dentrix’s newest newsletter contains an article on data security that is significant both for no longer using the term “encryption” to describe their security and for offering customers more resources and help. In light of my previous commentary on Dentrix security and marketing, I would be remiss not to note this progress here. Note that HenryScheinDental/Dentrix did not make me aware of this article. It was sent to PHIprivacy.net by someone who followed my criticism of Dentrix and thought I’d be interested in seeing it. They were right.

In the new Dentrix enewsletter, there’s an article on data security by Rhett Burnham. The article provides a few important resources for dentists, which is something I had suggested to Dentrix both when Burnham and I talked and in my previous blog post. But here is the part that really caught my eye:

Dentrix G5 Helps You Improve Security

In addition to your work required to ensure security, Henry Schein introduced cryptographic technology in Dentrix version G5 to supplement a practice’s employee policies, physical safeguards and data security. Available only in Dentrix G5, we previously referred to this feature as encryption. Based on further review, we believe that referring to it as a data masking technique using cryptographic technology would be more appropriate. Regardless of what you call it, this is a proactive step which Henry Schein has taken to augment, not replace, your security systems.

With that statement, it seems that Dentrix has incorporated my strong recommendation and the opinion of experts that they should not call their security feature “encryption.” I am delighted that they have taken this important step and commend them for it, as well as their effort to be clear that their feature does not replace required security but (only) augments it. And to the extent that new customers are not as likely to be confused or believe that they are getting encryption as specified by HIPAA, I hope this will encourage more dentists to adopt the stronger security measures that are also needed.

All that said, since not everyone using G5 may read the newsletter, I hope Dentrix also follows up with a letter/mailing to all customers to reinforce their message that data masking using cryptographic technology is not a replacement for strong encryption.

I am also delighted to note their plans to provide more security resources for their clients, as I had also suggested in our conversation and my previous blog post:

Get Informed, Stay Informed
Henry Schein is committed to helping our customers establish required data security and protection for the benefit of the patient and the practice. We will continue to investigate ways to enhance security in the Dentrix product, and in the coming months, you can look for a Security Information Center on the Dentrix website where you and your IT professional can find additional security resources, including recommendations for data protections, systems security and other best practices.

The article also reminds clients where they can get more technical support for their installations from Dentrix:

Need Help Securing your Network? Henry Schein Experts Can Help.
Henry Schein’s TechCentral team of computer and business technology experts provides complete IT solutions including network security, expert support and experienced technicians for thousands of practices nationwide. For more information visit www.HenryScheinTechCentral.com to learn about the TechCentral Protected Practice. To speak with a Henry TechCentral expert today, call 877.483.0382.

The newsletter makes no mention, however, of the existing – and serious – vulnerability that Dentrix is presumably still working with FairCom to address: the hardcoded login problem discussed in my previous blog post. I think that’s an issue where current customers need to be informed so that they are aware of the risk while Dentrix works on a genuine fix. Certainly it makes sense to me to inform customers of the risk and suggest that, if practicable, they not store Social Security numbers in the database, or that they take other steps to de-identify patient records in case the vulnerability is exploited by a bad actor.

Overall, however, I am really very pleased to see this article and look forward to Dentrix continuing to educate practioners while it strengthens the security of its product.

Category: Uncategorized

Post navigation

← The Biggest Big Data Myths of 2013
Insecure healthcare.gov allowed hacker to access 70,000 records in 4 minutes →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
  • Russian national and leader of Qakbot malware conspiracy indicted in long-running global ransomware scheme
  • Texas Doctor Who Falsely Diagnosed Patients as Part of Insurance Fraud Scheme Sentenced to 10 Years’ Imprisonment
  • VanHelsing ransomware builder leaked on hacking forum
  • Hack of Opexus Was at Root of Massive Federal Data Breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.