Cybersecurity firm exposed non-anonymized hospital data in demos

Cybersecurity startup Tanium is in hot water after exposing non-anonymized network data from a California hospital during live product demonstrations and online videos.

The hospital is one of Tanium's clients and while the firm says that it had permission to use the hospital's environment, the company's Chief Executive Officer Orion Hindawi admitted in an open letter to its consumers that the firm “should have done better anonymizing that customer's data.”

“Viewers didn't connect the demo environment to that customer for years, and we do not believe we ever put our customer at risk with the data we showed,” Hindawi said. “Looking at those demos, we see there are easy things we should have done to obscure and anonymize further.”

Whether or not the firm had permission to use the hospital's network in the demonstrations is unclear.

A spokesperson from Allscripts Healthcare Solutions, the healthcare technology company which installed Tanium's software on the hospital's network in 2010, told ISMG that it had not given Tanium permission to use the hospital's network for demos. Regardless, the demos ceased after the security firm lost access to the network and have since been pulled offline.

The security firm is also facing backlash after reports surfaced earlier this week about its CEO being accused of unsavory behavior and questionably terminating senior employees.

prestitial ad