FTC says LabMD liable for lax data security in 2013 breach, overturns judge's dismissal of case

The Federal Trade Commission has overruled an administrative judge's ruling that said medical testing laboratory LabMD was not liable for previous data breaches and that the lab's security practices could not be proven likely to cause substantial harm to consumers, reports Reuters.

Chief Administrative Law Judge D. Michael Chappell in November dismissed a lawsuit the FTC filed against LabMD alleging the company failed to reasonably protect the security of consumers' personal data. The FTC provided various incidents in which personal information held by LabMD was made publicly available, including one instance where insurance files were available to share on file sharing site LimeWire.

The FTC overruled Judge Chappell's decision in a unanimous decision, indicating the judge applied the wrong legal standard. "LabMD's security practices were unreasonable, lacking even basic precautions to protect the sensitive consumer information maintained on its computer system," FTC Chairwoman Edith Ramirez wrote in FTC's opinion, according to Reuters.

The opinion said personal information of 9,300 consumers was exposed online for 11 months. LabMD "failed to use an intrusion detection system or file integrity monitoring; neglected to monitor traffic coming across its firewalls; provided essentially no data security training to its employees; and never deleted any of the consumer data it had collected," the opinion indicates.

More articles on data breaches:

Athens Orthopedic Clinic reports data breach 
Danish authorities report nationwide breach of health information 
Maryland court dismisses CareFirst data breach lawsuit citing insufficient demonstration of injury 

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars