Found a vulnerability on a medical site? Get a visit from FBI gunmen
An armed group of FBI agents broke into the house of an information security specialist who had discovered the data of 22,000 dental clinic patients in open access. Justin Shafer, the specialist in question, woke up at 8:30 in the morning. He, his wife and three children were sleeping peacefully when someone started ringing the doorbell and then knocking hard on the door.
“My first thought was that my father was dead, but when I walked to the door, I saw flashing blue and red lights,” says Shafer. When he opened the door, he saw more than 10 FBI agents. One of them aimed an assault rifle at Shafer. Meanwhile, inside the house, literally half a meter away, there was a cot with a baby in it. The agents ordered Shafer to put his hands behind his back and handcuffed him. His wife tried to explain that there were three small children in the house and that Shafer was not a criminal. Shafer himself, standing in his underpants, had no idea what was happening or why. Over the next few hours, the agents seized all of Shafer's computer hardware and devices. Even Dentrix magazines were seized (in total, the FBI collected 29 items). Only his wife's phone was left in the house.
Screenshot from the Eaglesoft FTP server
Only then did Shafer find out why the FBI had come to his house. The reason turned out to be his discovery of an FTP server belonging to Eaglesoft, a manufacturer of medical software for dentists. Data from thousands of dental patients was stored on this server, and anyone could access it. Shafer contacted the administration of DataBreaches.net, asking them to notify the software manufacturer. As soon as the vulnerability was eliminated, he published information about his discovery. A little later, the expert discussed the problem on his blog.
As it turned out, Patterson Dental, the company of which Eaglesoft is a division, accused Shafer of unauthorized access to Eaglesoft servers and patient data. As a result, the information security specialist received no thanks from the company whose problem he had solved. Instead, he received a whole group of armed guests, followed by further trouble in the form of proceedings with the FBI.