Dentrix Data Leak Report and Analysis

Recently a dentist PMS (practice management software) was discovered to be uploaded some time ago to well known public torrent trackers. The PMS is a software installation of Dentrix version 11 and is a full installation that appears to be registered to LANAP and Implant Center of Pennsylvania (www.perioimplants.us) according to wnep.com who did the first story. As a result it appears who ever uploaded it left the raw data that contains PII (personal identifying information) such as social security numbers, full addresses and contact phone numbers. Earlier this year it also appears the Dentrix application had been exposed as having a privilege escalation exploit, The data was uploaded to the pirate bay in Feb 17, 2010 and is amazing it has only recently been discovered that it contains this personal information. The package is being handed out across software cracking forums earlier this year to and the orginial torrent which is still the current torrent has a description of below.

Thousands of dental practices worldwide have proven DENTRIX and its integrated third-party software to be capable of turning a dental practice into a viable and profitable business. DENTRIX boosts staff productivity, enhances professionalism, increases collections, helps keep chairs full, and improves the bottom line. And, with its extensive suite of eServices products and third-party partnerships, DENTRIX provides profitable integration solutions from front desk to operatory, X-ray to eClaim. I found a USB flash drive in the middle of the road and it had this Dentrix software on it. I don't know if it needs activated or who would even be looking for this type of software, but someone put on a flash drive for a reason, so here ya go. I started the installation up to the point where it asked me if I wanted to install the Server or Workstation software.

The database files are in the format of DAT and IDX files are are not encrypted but are formatted and without the correct working version of Dentrix (needs a security key as well as serial) its pretty difficult to make sense of the data files so below is a report after about 12 hours in total of reading and researching the data found, matching contents and getting overall counts of information. Gallery

Detailed Leak Report

Within the dentrix package that has been leaked contains a folder called DATA which is a live database with users credentials with in it. These credentials are pretty hard to map and count but after many, many hours i now have a final count that i am happy with publishing as a confirmation. All together there is 3 files which contain social security numbers which are **pat_dat.dat,**insured.dat , claim.dat. The file pat_dat.dat has the social security numbers in the format of xxxxxxxxx as the other files have them in proper format of xxx-xx-xxxx. located social security number counts for each of these files are below: - pat_dat.dat - 15,014 SSN

  • insured.dat - 6,333 SSN
  • claim.dat - 11,643 SSN

When checked for duplicates the files return the following results: - pat_dat.dat - 9,167 SSN

  • insured.dat - 5,857 SSN
  • claim.dat - 4,906 SSN

When all these are combined and processed for duplicates it returns a overall total of 9,169. As i was doing this i wanted to try and define a proper count of people effected within this system but since the formatting of the DAT files is so scrambled it makes it hard to simply open and count. After extracting all two letter state names from ins.dat and address.dat it comes up with the following result: - ins.dat - 31,417

  • address.dat - 8,140

Unique counts of state names: - ins.dat - 39

  • address.dat - 19

Also found - address.dat - 7810 zip codes.

**Final total count of personal details is this. ** Unique patients total 11,033 rows with 2,084 of them rows are missing social security numbers leaving a total of 8,949. So i think its safe to say that well over 10,000 Patient personal details have been exposed which contains full names, social security numbers and home addresses.

File break down.

addresses.dat Full addresses of clients with what appears to be land line numbers with out area code. Williamsport seems to be the most popular city/county Total: 7,810 land line+zip codes. Total: 8,140 State two letter codes. Non Duplicate: 19 State two letter codes. ------------------------- pa_dat.dat 1 email found Possible: 9158 social security numbers without the proper formatting (missing -) when formatted and matched to the insured.dat social security numbers there turns outs the following numbers Total: 15014 Duplicate: 5847 (insured.dat contains 5857 non duplicates) this could mean insured.dat is those with full insurance of some kind. Non Duplicate: 9167 names here also appear to match names in the file Ledger.ERR This file is dat stamped internally with " History Check - 04/15/2005" appears to be a report of account balances. ------------------------- **Claim.dat **Non Duplicate: 4,906 SSN Total: 11,643 ------------------------- appt.dat Appears to have appointment ids/client ids, client names in format of last name, first name. then a basic report or outcome of the appointment which details exactly what it was about names match those as from pa_dat --------------- insured.dat Contains thousands of social security numbers, without being able to format the rest of the data its hard to match but still a big risk. checked a few for validation with this and appears valid. Total: 6,333 Duplicate: 476 Non Duplicate: 5,857 --------------- NOTES.dat This appears to be demands of account payments and notes for certain patients but i can not find a link to which ones. Something i did catch thou is this "The x-ray submitted is a post-op x-ray. Pre-op was lost in the mail." --------------- **Ins.dat **Contains a bunch of dental or related company's details with company names, contacts (public ones), post code+4 number which matches locations listed in file.Its also linked to the PAYERID and PayerIdM files which list similar information + pay ids, maybe these people pay to have their system in this? or access to this? not sure. Non Duplicate: 39 states Total: 1,417 total states

Lee Johnstone

Lee Johnstone

Information Security Data Analyst, Investigative Journalist, Technology Lover, Mechanic.

Read More
Dentrix Data Leak Report and Analysis
Share this