Thought I would make a quick blog post on some of my security research.

Dexis Imaging Suite 10:
Not much to talk about. It is what it is. The service runs under the SYSTEM account, which means that if you CAN authenticate to the server, you can ALSO create user accounts and do almost anything you would like.
Dentsply Sirona CDR DICOM (formerly Schicktech):
This uses the Network account, so you can't take control of the server the way you can when the SYSTEM account is used, but you CAN use this account to take files off of file shares.
Open Dental:
This was interesting. I mentioned to CERT that Open Dental uses a blank password for the majority of installations and that few people change that password. I didn't think CERT could classify this as hard-coded credentials, as most know that Open Dental allows the MySQL database password to be changed. They also have a website with documentation on how to change the password. CERT classified it instead as the program using default credentials (root and a blank password for MySQL). This is true. Not sure what will happen, but I am glad that we get to discuss changing the password.
NEW Vulnerabilities I have submitted to CERT:
Planmeca ROMEXIS:
Installation Manuals
Just google "pwr0mex!s" without quotes. Older installations appear to use "pwr0mex1s".
Not sure if they support changing the password. I would try at an office, but few doctors want me messing with their passwords. I will keep trying; perhaps CERT should ask Planmeca.
Carestream Softdent:
That is the manual for setting up a client and server. Search it for the word "password" and you can see the username is ADMIN and the password is ADMIN.
They do not support changing the password.
FTP servers that stored patient data publicly (anonymous authentication), from which I downloaded data, allegedly belonged to these offices (blowing a whistle on the "internet"?):
Timberlea Dental Clinic (Patterson Dental)
Massachusetts General Hospital (Patterson Dental)
Dr. M Stemalschuk (Patterson Dental)
Grand Street Medical
OakView
Doctor's Health Group of South Florida
George Prevas (less than 500, 7 SSN)
Bailey's Crossroads Dental Services
POST-RAID
Dr. Ronald Schultz DDS:
https://www.databreaches.net/its-10-pm-somewhere-do-you-know-where-your-old-databases-are/
Total Family Dentistry\Dansville Dental:
54,218 Patients
The latest was from an FTP Server with Acronis Disk Image.
Each archive was 30GB:
Dentech PMS has 54,218 Patients
WHY DOES THIS SERVER HAVE X-RAY SOFTWARE REGISTERED TO AN OFFICE THAT IS NOT THIS OFFICE???
Random Thoughts about moving to the "CLOUD":
Oh... I have thought more about Cloud vs Traditional Software, and I would like to see the "Cloud" incorporate, at a minimum, two-factor authentication. I would also like to see the ability to encrypt the data on the cloud with a key that the doctor has control over. I don't know of anyone in Dentistry that offers this. So if you read this and think "I should just move to the cloud", you could still be hacked if someone finds your credentials, and without two-factor authentication it would be EASY for someone to just log in. If the cloud provider gets hacked, what does the Business Associate Agreement say about things like: Who pays the expense of notification? Who will assume the financial burden? On the other side of that coin: if someone breaks into your office, you don't have to worry NEARLY as much as you would with a physical server onsite, stuff like that. Then there is the hybrid cloud, where your server is in the cloud but fully accessible on your office network.
"And Stuff".