Channel: Justin Shafer

OCR Letter Regarding Patterson Dental


I made a complaint to HHS a while back. It was in regards to Patterson Dental not answering requests from CERT regarding Eaglesoft. CERT is an entity that helps coordinate security problems between researchers and vendors. Eaglesoft is a Business Associate, for all the dental offices that use it, under HIPAA. It is included in the Eaglesoft end-user license agreement when you install Eaglesoft. Basically, the point of this post is to highlight how large companies seem to barely get into trouble with the government. Want to lie about your encryption? The fine is an easy 250K. No problem when you have billions. Want to share out files on your public FTP server? You don't pay a fine; instead, the guy who found it gets raided by the FBI. Then when that guy wants to close a security hole, the company can ignore it and HHS doesn't care. I have read where someone left an unencrypted laptop somewhere and wound up paying millions. Who knows.

I received an email from an investigator who is in Region 8, who doesn't cover Minnesota or Illinois. And his official job title is "Equal Opportunity Specialist". I figure by now OCR/HHS probably knows who I am in regards to some sort of "history", lol. So I tell Sean the investigator a 1-hour story, and he was actually a lot of fun to talk to. He did ask me jokingly if I was "TheDarkOverlord" lol. I did tell Sean that the FBI gave me back Patterson Dental's files, as some sort of final "F you" I guess, along with a flash drive that has an NTFS label of "JMS SUCKS ASS", to support my claim. lol.

I left out the part about the time I alerted the FBI and HHS to the time I found SSNs on the HHS NPI database via an IC3 report. Or the time we emailed some guy named Bennett Prows. I did tell him I once submitted a data breach report to HHS as a David DiGiallorenzo and put the patient count at 2600. And so when HHS put it on the wall of shame, after I went to the news, the number was 2600. https://www.databreaches.net/hhs-corrects-entry-for-lanap-implant-center-breach/

I admitted it was stupid. I had to explain the whole captain crunch whistle stuff. It was because someone at Dentrix told me I would be blamed if I ever told anyone.

Anyways, 2 days after the interview I received an email that they are closing the investigation. Oh well, I tried. I guess you cannot win them all. I still feel like the entire thing was unfair, but I have learned to stop expecting great things from the government. I was super lucky I won the FTC thing. I was told the fines are calculated by some algorithm. I will file this HHS letter with the rest of them, some of which I have uploaded to MuckRock. https://www.muckrock.com/foi/united-states-of-america-10/js-submission-documents-123454/



Yet, you can slander the hell out of someone, have the FBI raid a guy because you goofed, and then call it "theft" lol, etc. I struck up a conversation with this kiddo around July 2021, and it was interesting. 

He just didn't care that he had slandered me. I found out his dad worked for Patterson Dental doing security. I told him in response that I was not going to sue him. Instead, I would finish my work. I can see now that he has deleted his account. Interesting. I had attempted to get Patterson to respond to a vulnerability and didn't have any success, but I decided I should try again. I was successful in this regard, just not with HHS. https://nvd.nist.gov/vuln/detail/CVE-2021-35193

The 22,000 patients comes from this:

His username was tpayne174 and I found this, after finding more stuff. His dad no longer worked at Patterson at this point in our conversation. The kiddo still didn't care. Showed him how I "allegedly" proved how the torrent was uploaded, etc. The kiddo still didn't care.

Patterson Companies, Inc.
Total Duration: 6 yrs 10 mos
Title: Information Security Manager II
Full-time
Dates Employed: Jul 2017 – Oct 2019
Employment Duration: 2 yrs 4 mos
Location: Saint Paul, MN
• Manage the security staff and toolset for a $6+ billion Fortune 500 company, including Identity, Security Operations, Security Engineering, and Application Security functions.
• Represent Information Security in meetings with project teams, senior management, and outside collaborators to ensure that security is engaged with the business at all levels.



