DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Cyber-Sleuth or Cyber-Thief? LabMD Case Continues to Expose the Good, the Bad, and the Downright Ugly in Cyber-Security Developments

Posted on October 16, 2014 by Dissent

Over on HIPAA, HITECH, and HIT, Elizabeth Litten comments on FTC’s administrative case against LabMD, a case I’ve been following here for the past few years. After recapping the case, she writes:

This case isn’t over, and it remains to be seen whether [Administrative Law Judge] Chappell will find the witness’s testimony credible and/or relevant to a finding that LabMD violated Section 5.  It also remains to be seen whether the FTC and Tiversa will end up looking like cyber-sleuths out to uncover, and protect the public from, lax security practices, or will look more like cyber-thieves grasping for money, power, publicity or something else.  Either way, this case is ugly and certainly does not create a high level of confidence in the cyber-security investigation and enforcement tactics utilized by the FTC.

Read her full column on HIPAA, HITECH, and HIT.

Have I not been saying all along that even if FTC could go after LabMD, I did not think this was a good use of their resources? And have I not been saying all along that this case strikes me as somewhat unfair to LabMD whose security – other than an employee not following policy (which still happens ALL the time) – was on a par with other HIPAA-covered entities’ data security back in 2008? If HIPAA decided not to go after LabMD for violations of its Security Rule, should FTC being take a sledgehammer to LabMD?

There are those who will claim that the only reason the FTC went after LabMD was because LabMD didn’t play the game and cooperate by jumping at every request and turning over thousands of pages of documents. But when all is said and done, does this action by the FTC do a damned thing to protect consumers? I think not, and can think of a lot of serious cases in the healthcare sector that the FTC should pursue – like a breach where patients weren’t even notified that their SSN and details were available for free download on Pirate Bay.

The FTC has done tremendous yeoman service in protecting consumers’ privacy, but sadly, not in this case.

Related posts:

  • Unfair enforcement? FTC vs. LabMD
  • FTC’s complaint against LabMD has spawned so much litigation – and for what?
  • Facing continued investigation and litigation, LabMD decides to wind down its operations (Updated)
  • House Oversight asks Inspector General of the FTC to investigate FTC’s actions in LabMD case
Category: Uncategorized

Post navigation

← Cover Oregon investigates another security breach
Ca: Mayor Rob Ford's privacy breached, hospital says →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Qantas customers involved in mammoth data breach
  • CMS Sending Letters to 103,000 Medicare beneficiaries whose info was involved in a Medicare.gov breach.
  • Esse Health provides update about April cyberattack and notifies 263,601 people
  • Terrible tales of opsec oversights: How cybercrooks get themselves caught
  • International Criminal Court hit with cyber attack during NATO summit
  • Pembroke Regional Hospital reported canceling appointments due to service delays from “an incident”
  • Iran-linked hackers threaten to release emails allegedly stolen from Trump associates
  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.