U.S. hospitals have to abide by the Health Insurance Portability and Accountability Act. Here's a violation: One hospital put its heart rate monitors online for the whole world to see.
Although this was a read-only tool -- you couldn't defibrillate a patient over the Internet -- it's still a major, major breach of the privacy law.
Tentler said that another security researcher reported this hospital to DHS' Industrial Control Systems Cyber Emergency Response Team last year.
NEXT: A home security app