informa
Quick Hits

On Heels of Oracle Settlement, FTC Burns Company For Security Practices

Federal Trade Commission sticks medical software developer with $250,000 bill for lying about encryption capabilities.

The U.S. Federal Trade Commission (FTC) has wrested $250,000 from a dental practice software company to settle charges that the company misled customers about the level of encryption they provided.

According to the FTC complaint, Henry Schein Practice Solutions, Inc. had billed its Dentrix G5 suite as being able to encrypt patient data and meet data protection regulations like HIPAA, even after it had been informed the software's proprietary encryption algorithm was "less secure and more vulnerable than widely-used, industry-standard encryption algorithms" such as AES. 

This settlement comes two weeks after Oracle settled charges that it had made deceptive over-promises about a JavaSE update.

The industry is also waiting to see how the FTC will wield its other new implied powers -- which may extend to any business with lax security, not just software companies doing false advertising. When the Third U.S. Circuit Court of Appeals ruled last year that the FTC could move forward with a lawsuit against the Wyndam Worldwide hotel chain for leaving customer data unprotected, the court effectively gave the Commission the power to regulate the security practices of businesses. 

Recommended Reading: