Dental practice software maker fixes bug that exposed patients’ medical records

Practice by Numbers patched a vulnerability in its patient portal that allowed authenticated users to access other patients’ medical records by altering sequential document IDs in the URL. Affected records included personal information, medical histories, and photo IDs; the company took the portal offline, fixed the bug, and reported notifying fewer than ten patients while claiming no evidence of prior exploitation.