Cybersecurity company Tanium may have put one of its hospital clients' sensitive information at risk for three years by using the hospital's internal network for live product demonstrations.
The hospital, El Camino Hospital in Mountain View, Calif., never gave Tanium permission to use its network for product demonstrations of Tanium's network-security software. The 443-bed hospital said no patient data were breached during the demonstrations, which Tanium ran between 2012—two years after the software was first installed—and 2015.
"El Camino Hospital is thoroughly investigating this matter and takes the responsibility to maintain the integrity of its systems very seriously," the hospital said.
The product demonstration videos revealed server and computer names, employee information and the hospital's security vulnerabilities, which could have exposed the hospital to a hack. It would have been the latest in the growing number of hospital systems that have been breached. So far this year, 10 healthcare providers have had breaches of their network servers, affecting more than half a million patients.
Videos of the demonstrations that had been posted online were taken down after the Wall Street Journal asked about them.
This is the latest in a series of blows to Tanium. In the last year, 10 senior executives have resigned or been fired, and current employees have complained that the CEO, Orion Hindawi, is abusive.
Hindawi hinted at an apology over the demonstrations in a blog post Wednesday. "We should have done better anonymizing that customer's data," he wrote. Hindawi also addressed the reports of bullying: "What is not true is that we have a toxic culture."
Tanium said it did not have a comment beyond the blog post.