FTC settles claim for misrepresenting standard of software’s data security

The Federal Trade Commission (FTC) has settled a claim against Henry Schein Practice Solutions Inc (Shein), a provider of office management software for dental practices. The FTC claimed that Shein falsely advertised the level of encryption in software provided to protect patient data.

Shein marketed a database to dental practices with claims that the software was compliant with Advanced Encryption Standard (AES) encryption required to protect patient data under healthcare regulations in the US. However, rather than “encryption”, the software used a less secure algorithm of “data camouflage” which was more vulnerable to attack.

Under the settlement, Shein will be required to notify all customers that the software does not provide industry-standard encryption. Shein will also pay USD$250,000 as disgorgement – a common provision in FTC advertising cases, but the first for marketing claims specifically related to data security.

Link (FCC): FCC press release