Software firm settles FTC charges it misled on encryption

A company that sells software to dental practices will pay $250,000 to settle federal charges it misled customers about the level of encryption used to secure patient data.

In a complaint, the Federal Trade Commission (FTC) alleged Henry Schein Practice Solutions touted its Dentrix G5 software as featuring encryption that met “data protection regulations” for protecting patient data.

{mosads}But despite these claims, the FTC said Schein knew its encryption was less complex than the government-recommended standard for securing personal medical data.

“Strong encryption is critical for companies dealing with sensitive health information,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection, in a statement. “If a company promises strong encryption, it should deliver it.”

Under the proposed agreement, Schein will pay the $250,000 settlement to the FTC. It must also notify purchasers of the Dentrix G5 software about the substandard encryption.

In recent years, the FTC has become the de facto data security regulatory agency, as Congress has been unable to move a data breach bill that would set nationwide security standards.

In December alone, the agency secured a number of high-profile settlements with companies over their cybersecurity practices.

Tech giant Oracle agreed to settle FTC charges that it misled customers about security updates for popular software installed on more than 850 million personal computers.

Just a week prior, identity theft protection firm LifeLock agreed to pay a record $100 million fine to settle an FTC lawsuit that it had deceived customers about how secure their data was.