Vulnerability in dental software exposed other patients' medical records

Colleagues, cybersecurity alert: I discovered a vulnerability in the Practice by Numbers portal that exposed other patients' medical records.
I highlight:
- changing the document ID in the URL allowed access to other patients' files—IDs were sequential;
- the portal is used by ~5,000 clinics; the reporting patient received no response from the company and escalated to the media;
- the company took the portal offline on 13 April, restored it on 17 April, said it will notify


Latest comments
No comments yet.