DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

AHF: Breach of Porn Actors’ Data Reveals Failure of AIM Clinic Testing Model

Posted on March 31, 2011 by Dissent

The following is a press release from AHF:

After over 12,000 current and former adult film performers who tested for HIV and other STDs at the Adult Industry Medical Healthcare Foundation’s (AIM) HIV Testing Clinic in Sherman Oaks had their privacy breached when their personal data collected from AIM was published illegally on a Wiki-leaks type website earlier this month, the AIDS Healthcare Foundation (AHF), which has separately been spearheading a workplace safety campaign to require the use of condoms in porn, harshly condemned the release of such personal patient data, yet also noted that the privacy breach underscores the vulnerability of AIM’s entire clinic business model. The industry-funded clinic serves 1,500 to 2,000 active adult film performers each year; however, over the past year it has faced mounting trouble. According to the LA Times (3/30/11), “The AIM clinic opened in 1998 but was shut down in December by Los Angeles County public health officials two days after state health officials denied its application to operate as a community clinic based on what regulators called “business-related issues.” The clinic was sold and allowed to reopen last month as AIM Medical Associates P.C., part of a doctor’s office regulated by the Medical Board of California, according to state officials.”

“Despite our differences with AIM and segments of the industry over condom use, we are indeed saddened by the news of this privacy breach of personal information of over 12,000 current and former AIM patients,” said Michael Weinstein, President of AIDS Healthcare Foundation. “However, this breach should not come as a surprise to any care provider who dutifully manages and cares for populations of patients. The entire business model of the AIM clinic has been flawed from the start, and as a result, its patients’ privacy has been violated. Performers—not producers—should be the ones to have password-protected access to their own testing results and health data from the AIM Testing Clinic. Performers should also be the ones who choose to share that information with producers they intend to work for. As it stands, AIM views the producers as their clients, not the performers walking through its doors each day to get tested.”

While AIM charges each patient (and potential adult film performer) for HIV and other testing (something that is illegal under California law), they also require patients to sign overly broad patient release forms allowing industry producers to view the test results and health data. Producers in turn pay a regular monthly subscription fee for unlimited access to AIM’s entire database of test results for current and previous performers.

It is unclear where or how the privacy breach occurred—from inside AIM, or from a subscriber to AIM’s testing results database.

AIDS Healthcare Foundation (AHF) is the largest global AIDS organization. AHF currently provides medical care and/or services to more than 156,000 individuals in 26 countries worldwide in the US, Africa, Latin America/Caribbean and the Asia Pacific Region. www.aidshealth.org

A statement on AIM’s web site – dated today – says:

AIM Medical Associates, P.C. is investigating the possibility of a criminal breach of the medical record database. Substantial amounts of information posted on the site in question could not come from the AIM* database because we do not possess that information. Specifically, home addresses and identification documents are not within the AIM* database. Other testing businesses may or may not have such information on their databases.

AIM is utilizing every available resource to conduct a thorough forensic investigation to confirm if a breach of security occurred here. If such a breach occurred, we shall take all available steps to see that the felonious behavior is criminally prosecuted to the maximum extent under the law. Accessing a database for improper purposes, violating medical privacy and extortion are all crimes in California. There is preliminary information indicating that criminal behavior by persons or entities may have occurred.

In any case, the malicious nature of the site cannot be overstated. It is reprehensible that the site characterizes all adult actresses as “whores,” and refers to some women as “baby killers.” It is gratifying that the website has been largely unavailable at least over the past few days. We hope the hosting company removes this scurrilous site altogether.


Related:

  • Two more entities have folded after ransomware attacks
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
  • Theft from Glasgow’s Queen Elizabeth University Hospital sparks probe
  • North Country Healthcare responds to Stormous's claims of a breach
  • Texas Enacts Electronic Health Record Data Localization Law
Category: Health Data

Post navigation

← When it comes to compiling breaches, more is better
Army suicide prevention efforts raising privacy concerns →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Global hack on Microsoft product hits U.S., state agencies, researchers say
  • Inquiry launched after identities of SAS soldiers leaked in fresh data breach
  • UK sanctions Russian cyber spies accused of facilitating murders
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals
  • As companies race to add AI, terms of service changes are going to freak a lot of people out. Think twice before granting consent!
  • Uganda orders Google to register as a data-controller within 30 days after landmark privacy ruling
  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.