Infosec firm boss admits to accessing hospital network in sales demo
CEO forced to apologise for patient data blunder
The CEO of IT security company Tanium has been forced to apologise after it was discovered the firm used a hospital's live network in sales demonstrations and even revealed private data from the same hospital in a video posted online.
The hospital had not given any permission for its networks and data to be used for these purposes. According to reports from the Wall Street Journal, the company had been accessing the networks of the El Camino hospital in Mountain View, California during product demonstrations. Videos of the sales demos were also posted on YouTube, although have since been removed.
The report added that the hospital network was used in various demos from 2010 to 2015.
In a blog post, Tanium CEO Orion Hindawi said the company takes "responsibility for mistakes in the use of this particular customer's demo environment. We should have done better anonymising that customer's data."
"Viewers didn't connect the demo environment to that customer for years, and we do not believe we ever put our customer at risk with the data we showed. Looking at those demos, we see there are easy things we should have done to obscure and anonymise further."
He added that since 2015 the company had always asked customers if it could use data and networks for external demos and have written consent to do so.
In a statement to the media, El Camino Hospital said that it was "not aware of this usage and never authorised Tanium to use hospital material in any sales material or presentation".
It added that it was investigating the matter and took the responsibility to maintain the integrity of its systems "very seriously".