DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Cyber-Sleuth or Cyber-Thief? LabMD Case Continues to Expose the Good, the Bad, and the Downright Ugly in Cyber-Security Developments

Posted on October 16, 2014 by Dissent

Over on HIPAA, HITECH, and HIT, Elizabeth Litten comments on FTC’s administrative case against LabMD, a case I’ve been following here for the past few years. After recapping the case, she writes:

This case isn’t over, and it remains to be seen whether [Administrative Law Judge] Chappell will find the witness’s testimony credible and/or relevant to a finding that LabMD violated Section 5.  It also remains to be seen whether the FTC and Tiversa will end up looking like cyber-sleuths out to uncover, and protect the public from, lax security practices, or will look more like cyber-thieves grasping for money, power, publicity or something else.  Either way, this case is ugly and certainly does not create a high level of confidence in the cyber-security investigation and enforcement tactics utilized by the FTC.

Read her full column on HIPAA, HITECH, and HIT.

Have I not been saying all along that even if FTC could go after LabMD, I did not think this was a good use of their resources? And have I not been saying all along that this case strikes me as somewhat unfair to LabMD whose security – other than an employee not following policy (which still happens ALL the time) – was on a par with other HIPAA-covered entities’ data security back in 2008? If HIPAA decided not to go after LabMD for violations of its Security Rule, should FTC being take a sledgehammer to LabMD?

There are those who will claim that the only reason the FTC went after LabMD was because LabMD didn’t play the game and cooperate by jumping at every request and turning over thousands of pages of documents. But when all is said and done, does this action by the FTC do a damned thing to protect consumers? I think not, and can think of a lot of serious cases in the healthcare sector that the FTC should pursue – like a breach where patients weren’t even notified that their SSN and details were available for free download on Pirate Bay.

The FTC has done tremendous yeoman service in protecting consumers’ privacy, but sadly, not in this case.

Related posts:

  • Unfair enforcement? FTC vs. LabMD
  • FTC’s complaint against LabMD has spawned so much litigation – and for what?
  • Facing continued investigation and litigation, LabMD decides to wind down its operations (Updated)
  • House Oversight asks Inspector General of the FTC to investigate FTC’s actions in LabMD case
Category: Uncategorized

Post navigation

← Cover Oregon investigates another security breach
Ca: Mayor Rob Ford's privacy breached, hospital says →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.