A patient discovered a security flaw in dental practice software that allowed access to medical records. The issue has since been fixed, but the patient said reporting it was difficult. The bug affected a widely used system in Norwegian clinics.
The software maker, T4 Practice Manager, confirmed the flaw on April 30. Company representatives said the fix was deployed within hours of notification. They added that no misuse of patient data was detected during the exposure period.
The patient, who asked not to be named, told TechCrunch it took multiple attempts to get the company’s attention. Initial emails went unanswered, and support tickets were closed without resolution. Only after contacting the company’s CEO directly did the issue receive a response. The patient said this experience highlights gaps in how small software vendors handle security reports.
Security researchers warn that dental and medical software often lags behind other industries in vulnerability management. Many vendors prioritize feature updates over security patches, leaving sensitive data at risk. Norway’s data protection authority, Datatilsynet, has not commented on whether an investigation is planned.
T4 Practice Manager did not disclose how many clinics or patients were affected. The company said it has since added a dedicated security contact for future reports.
Source: techcrunch.com