The CEO of IT security firm Tanium has been forced to apologise after it was discovered the firm used a hospital's live network in sales demonstrations and revealed private data from the same hospital in a video posted online.
The hospital had not given permission for its networks and data to be used for these purposes.
Tanium was a desktop management vendor for the El Camino Hospital in Mountain View, California
As first revealed by the Wall Street Journal, the company had been accessing the networks of the hospital and using hospital desktop and server management information during product demonstrations for five years from 2010.
Videos of the sales demos were also posted on YouTube, although have since been removed.
In response, Tanium CEO Orion Hindawi admitted the company "should have done better anonymising that customer's data.”
"Viewers didn't connect the demo environment to that customer for years, and we do not believe we ever put our customer at risk with the data we showed," Hindawi wrote.
"Looking at those demos, we see there are easy things we should have done to obscure and anonymise further."
But he defended Tanium's approach to customer privacy and security, and said that since 2015 Tanium had asked customers for permission and written consent to use their data and networks for external demos.
In a statement, El Camino Hospital said it had not been aware of the usage and "never authorised Tanium to use hospital material in any sales material or presentation”.
It said it was investigating the matter and took the responsibility to maintain the integrity of its systems “very seriously”.
The hospital pointed out that the security firm had no access to its patient data.