DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

AHF: Breach of Porn Actors’ Data Reveals Failure of AIM Clinic Testing Model

Posted on March 31, 2011 by Dissent

The following is a press release from AHF:

After over 12,000 current and former adult film performers who tested for HIV and other STDs at the Adult Industry Medical Healthcare Foundation’s (AIM) HIV Testing Clinic in Sherman Oaks had their privacy breached when their personal data collected from AIM was published illegally on a Wiki-leaks type website earlier this month, the AIDS Healthcare Foundation (AHF), which has separately been spearheading a workplace safety campaign to require the use of condoms in porn, harshly condemned the release of such personal patient data, yet also noted that the privacy breach underscores the vulnerability of AIM’s entire clinic business model. The industry-funded clinic serves 1,500 to 2,000 active adult film performers each year; however, over the past year it has faced mounting trouble. According to the LA Times (3/30/11), “The AIM clinic opened in 1998 but was shut down in December by Los Angeles County public health officials two days after state health officials denied its application to operate as a community clinic based on what regulators called “business-related issues.” The clinic was sold and allowed to reopen last month as AIM Medical Associates P.C., part of a doctor’s office regulated by the Medical Board of California, according to state officials.”

“Despite our differences with AIM and segments of the industry over condom use, we are indeed saddened by the news of this privacy breach of personal information of over 12,000 current and former AIM patients,” said Michael Weinstein, President of AIDS Healthcare Foundation. “However, this breach should not come as a surprise to any care provider who dutifully manages and cares for populations of patients. The entire business model of the AIM clinic has been flawed from the start, and as a result, its patients’ privacy has been violated. Performers—not producers—should be the ones to have password-protected access to their own testing results and health data from the AIM Testing Clinic. Performers should also be the ones who choose to share that information with producers they intend to work for. As it stands, AIM views the producers as their clients, not the performers walking through its doors each day to get tested.”

While AIM charges each patient (and potential adult film performer) for HIV and other testing (something that is illegal under California law), they also require patients to sign overly broad patient release forms allowing industry producers to view the test results and health data. Producers in turn pay a regular monthly subscription fee for unlimited access to AIM’s entire database of test results for current and previous performers.

It is unclear where or how the privacy breach occurred—from inside AIM, or from a subscriber to AIM’s testing results database.

AIDS Healthcare Foundation (AHF) is the largest global AIDS organization. AHF currently provides medical care and/or services to more than 156,000 individuals in 26 countries worldwide in the US, Africa, Latin America/Caribbean and the Asia Pacific Region. www.aidshealth.org

A statement on AIM’s web site – dated today – says:

AIM Medical Associates, P.C. is investigating the possibility of a criminal breach of the medical record database. Substantial amounts of information posted on the site in question could not come from the AIM* database because we do not possess that information. Specifically, home addresses and identification documents are not within the AIM* database. Other testing businesses may or may not have such information on their databases.

AIM is utilizing every available resource to conduct a thorough forensic investigation to confirm if a breach of security occurred here. If such a breach occurred, we shall take all available steps to see that the felonious behavior is criminally prosecuted to the maximum extent under the law. Accessing a database for improper purposes, violating medical privacy and extortion are all crimes in California. There is preliminary information indicating that criminal behavior by persons or entities may have occurred.

In any case, the malicious nature of the site cannot be overstated. It is reprehensible that the site characterizes all adult actresses as “whores,” and refers to some women as “baby killers.” It is gratifying that the website has been largely unavailable at least over the past few days. We hope the hosting company removes this scurrilous site altogether.

No related posts.

Category: Health Data

Post navigation

← When it comes to compiling breaches, more is better
Army suicide prevention efforts raising privacy concerns →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges
  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.