When dealing with sensitive information on any level, one of the key aspects is to always make sure that permission is granted from the necessary parties involved before proceeding to move, alter or show it to anyone.
Cybersecurity startup Tanium Inc. experienced a major snafu when it was discovered that the company was using private hospital information in its software demos without permission. The hospital whose details were exposed is California-based El Camino Hospital, a non-profit community facility. After having Tanium’s software installed by Allscripts Healthcare Solutions in 2010, the hospital eventually grew to not have a relationship with the cybersecurity company.
Tanium used the hospital as a case study in its demos between 2012 and 2015, helping it to grow to a valuation of $3.5 billion. The information exposed in Tanium’s presentations included El Camino Hospital’s private network information, security vulnerabilities, server and computer names, versions of antivirus software and personnel details.
El Camino Hospital commented on the discovery of Tanium’s use of its private records to The Wall Street Journal: “The hospital did not authorize desktop management data or other information to be used in any product demonstration and was not previously aware of these demonstrations or videos. We are dismayed to learn that desktop and server management information was shared. We are thoroughly investigating this matter and take our responsibility to maintain the integrity of our systems very seriously.”
The hospital confirmed that no patient information was shared in the Tanium demos.