photo credit:

24 Jan LabMD sues Tiversa for Racketeering, Conversion, Fraud … And more.

photo credit:

After years of throwing everything they’ve got in the path of justice, including taking LabMD’s medical data, trying to prevent the publication of Michael J. Daugherty’s book, The Devil Inside the Beltway, and attempting to manipulate a former Tiversa employee (who has recently received immunity from the Justice Department in what the Administrative Law Judge called Tiversa’s “improper attempt to place evidence on the public record, unilaterally, with the transparent purpose of impugning the credibility of anticipated testimony and/or influencing the immunity process”), recent events and admissions, detailed in the Complaint, have provided key evidence of Defendants’ illicit actions.


read the lawsuit here….


LabMD vs Tiversa Holding Corp, Robert J. Boback, M. Eric Johnson

Read More

11 Jan Listen to Michael live with Vic Wheaton on Security Current


Screen Shot 2015-01-11 at 8.14.43 AM


Listen to the interview HERE


LabMD processes medical specimens. One day, a security services company emailed them advising that its patented searching software, which looks for problems caused by peer-to-peer applications, found a file with sensitive information.

The security company offered its services at $475 an hour in what was interpreted as a shakedown. LabMD refused to play and refused to pay, choosing to mitigate the problem themselves.

The security company turned over its finding to the Federal Trade Commission (FTC) leading to a multi-year, resource-draining battle by LabMD to try prove that they did nothing wrong.

Security Current’s Vic Wheatman spoke with LabMD’s CEO Mike Daugherty, author of The Devil Inside the Beltway: The Shocking Expose of the US Government’s Surveillance and Overreach into Cybersecurity, Medicine and Small Business. Daugherty talks about taking on a government bureaucracy over matters of principle.

Also, read Security Current’s Richard Stiennon’s review of Daugherty’s book.

Read More

31 Dec Halting Federal Overreach: MIKE DAUGHERTY BATTLES ON



Since 2010, in what has now been dubbed one of the most important government cybersecurity cases in recent memory, LabMD, a small and innovative cancer detection company, has relentlessly fought off Federal Trade Commission overreach and abuse.

Based in Atlanta, Georgia, LabMD was wrongly targeted by the Federal Trade Commission using unverified and allegedly falsified evidence obtained from a private firm with a direct financial interest in government action.

The Commission targeted LabMD not because there were any victims from any alleged data breach, but rather because it believed LabMD would quickly agree to a consent judgment that would provide a basis for the Commission claiming new jurisdiction over all health care companies.

Now we have a commissioner recusing herself based on speeches she gave prejudging the LabMD case, a House Oversight congressional investigation and hearings, an inspector general investigation, a U.S. District judge strongly criticizing the government for conducting a sloppy, “almost unconscionable” investigation, an Eleventh Circuit appeal and a Justice Department immunity grant to a whistleblower in the administrative proceedings.


And 2015 is going to be even more interesting.


Read More

17 Oct Cyber-Sleuth or Cyber-Thief? LabMD Case Continues to Expose the Good, the Bad, and the Downright Ugly in Cyber-Security Developments

Screen Shot 2014-10-17 at 9.10.21 AM

LabMD and Michael Daughterty made the HIPAA, HITECH & HIT this week!

Elizabeth Litten, esq., of the firm Fox Rothschild, writes in her article dated Oct 15th, about the recent news regarding the FTC vs LabMD case. Read below about allegations that the LabMD file was never anywhere but the LabMD computer until Tiversa took it…and wasn’t after they took it either.


LabMD, Inc. CEO Michael J. Daugherty continues to doggedly defend LabMD against an action brought by the Federal Trade Commission (FTC) against LabMD based on Section 5 of the FTC Act.  He now has an opportunity to prove himself the “good guy” following last week’s decision by Chief Administrative Law Judge D. Michael Chappell granting LabMD’s motion that Chappell formally request an order from the U.S. Attorney General to compel testimony from, and provide immunity to, a key witness expected to expose the dirty investigative tactics and tainted facts relied upon by the government in bringing the action against LabMD.  The key witness is a former employee of Tiversa Holding Company, Inc. (“Tiversa”), the company that dredged up a patient data file, leading the FTC to claim LabMD had “unreasonable data security practices” that were “likely to result in unauthorized exposure of data” in violation of Section 5.   So who’s the “bad guy” here?

The witness is expected to testify that, contrary to allegations that form the bedrock of the FTC’s action, Tiversa did not find LabMD’s patient data file on four separate internet addresses as the result of a LabMD employee’s unauthorized download of a peer-to-peer (“P2P”) music-sharing app on a company computer.  Rather, using what Tiversa has referred to as its high-powered, patent-pending search engine technology, Tiversa found the patient data file only on a LabMD computer.


To quote the last sentence of the article:

“…this case is ugly and certainly does not create a high level of confidence in the cyber-security investigation and enforcement tactics utilized by the FTC.”

To read more of the article, click  HERE

Read More

13 Sep Tiversa, Inc.: White Knight or Hi-Tech Protection Racket?

Screen shot 2014-07-24 at 11.32.17 AM

Postponed till Mid November – Stay tuned for more information!

What promises to be an insightful session is scheduled for:

September 17, 2014 | 10:00 a.m. in 2154 Rayburn House Office Building

If you are in the area, join Michael in learning what the committee will uncover.

If you aren’t in the area, this session will be available on live streaming.

See you on the 17th!

For more details as they develop keep you eye on the information page

Read More

22 Aug The Eleventh Circuit is holding oral arguments


Screen shot 2014-08-22 at 5.55.03 AM

The Eleventh Circuit has announced that they are going to hold oral arguments in LabMD’s case even though the appellate court had refused. See below for Law 360’s reporting of this development. To view the original article, click HERE.

The Eleventh Circuit said Wednesday that it has decided to hold oral arguments on LabMD Inc.’s latest bid to halt the Federal Trade Commission from policing corporate data-security standards, a dispute which the appellate court has already once refused to entertain.

In a brief docket entry, the appellate court announced that it “has determined that oral arguments will be necessary in this case,” which LabMD mounted in May after a Georgia district court ruled that it lacked jurisdiction to consider whether the FTC had overstepped its statutory authority by bringing a closely-watched administrative proceeding accusing the laboratory of failing to implement reasonable data security standards to protect private health information.

The Eleventh Circuit in May declined to hear the appeal on an expedited briefing schedule or grant a stay of the administrative proceeding pending its review of the lower court’s ruling, but both the laboratory and the FTC have since filed their briefs in the case, leading the appellate court to issue its oral argument determination Wednesday.

“The court’s decision to grant oral argument indicates that this case presents important issues about the FTC’s abuse of authority, and we are optimistic that LabMD will prevail once all arguments are made,” Cause of Action Executive Director Dan Epstein said in a statement Wednesday.

The court has yet to set a date for oral arguments, and a representative for the FTC could not be immediately reached for comment Wednesday.

The often contentious dispute between the regulator and medical testing laboratory began in August 2013, when the FTC filed an administrative complaint alleging that LabMD failed to safeguard medical and financial information on nearly 1 million customers and allowed data to leak on to the peer-to-peer file-sharing network LimeWire and into the hands of identity thieves.

Instead of settling the claims, LabMD became only the second company, after hotel chain Wyndham Worldwide Corp., to push back at the commission’s authority to regulate the security of consumer information as an “unfair” practice under Section 5.

Besides responding to the administrative complaint, the company also asked the District of Columbia and the Eleventh Circuit in separate filings to halt the commission from proceeding with its action.

In February, the Eleventh Circuit ruled that it could not review the Section 5 challenge because the statute “only gives courts of appeal authority to review an order of the commission to cease and desist from using any method of competition or act or practice, [and] there is no such order here.”

The determination led LabMD to abandon the complaint it already had brought in the District of Columbia for an injunction halting the administrative case and file a new complaint in Georgia.

In May, the Georgia federal court threw out the suit, ruling that district courts are in no position to interfere with ongoing administrative enforcement actions.

After the Eleventh Circuit refused to disrupt the proceeding in May, the FTC responded to the laboratory’s appeal by urging the appellate court to uphold the lower court’s holding that it is premature for the court to become involved in the administrative proceeding.

If the outcome of the proceeding ends up being unfavorable to LabMD, it can bring its challenge at that point, the FTC asserted in its brief.

But LabMD countered in an Aug. 11 reply brief that the court should be able to review an executive branch agency’s action under the Administrative Procedure Act before the administrative case concludes, and that its First Amendment retaliation claim can proceed because constitutional claims arising in an administrative case need not wait until the agency takes a final action.

The disputed trial before the administrative law judge that LabMD is seeking to halt began in May, although the proceedings were quickly put on hold and have yet to resume following the discovery that a Republican-led House committee is investigating data security firm Tiversa Inc., which is a key player in the FTC’s case.

LabMD is represented by Cause of Action, which has retained Ronald L. Raider, Burleigh L. Singleton and William D. Meyer of Kilpatrick Townsend & Stockton LLP, and Reed D. Rubinstein of Dinsmore & Shohl LLP.

The FTC is represented by its own Perham Gorji, and by Mark B. Stern, Lauren Fascett, Adrienne E. Fowler and Abby Christine Wright of the U.S. Department of Justice.

The case is LabMD Inc. v. Federal Trade Commission, case number 14-12144, in the U.S. Court of Appeals for the Eleventh Circuit.

Read More

05 Aug FTC Must Disclose Consumer Data Security Standards

Screen Shot 2016-01-11 at 9.05.08 AM

Quote from Information Week

A company accused by the FTC of failing to provide adequate data security has the right to know the required security standards, administrative judge rules.

A medical lab accused by the Federal Trade Commission (FTC) of inadequately securing data has the right to know what standards the agency claims it violated, according to an FTC administrative judge’s ruling.

The May 1 decision represents a belated victory for LabMD, a small Atlanta medical testing lab that first ran afoul of the commission in 2008 when medical records reportedly were found on an outside peer-to-peer network. In August 2013, the FTC filed an administrative complaint alleging the lab failed to reasonably secure patient data in 2008 and in a subsequent 2012 breach.

LabMD since has gone out of business, but it is defending itself against the FTC complaint in administrative court and in March filed a civil lawsuit in U.S. District Court challenging the commission’s authority to enforce security standards for data security.


Read More

24 Jul Rep. Issa takes aim at FTC ‘inquisitions’

Screen Shot 2016-01-11 at 8.12.49 AM

Quote from The Hill

“All Americans should be outraged by the FTC’s unchecked ability to pursue a claim that is not based on any legal standard,” said Michael Daugherty, the head of a cancer screening company, told the committee on Thursday.

Daugherty’s company, LabMD, allegedly allowed information about nearly 10,000 patients to be compromised.

But Republicans on the Oversight Committee and officials at LabMD say the FTC’s complaint was partly based on information given by cybersecurity firm Tiversa, which has previously offered services to LabMD but was refused. Plus, the lawmakers said, some of the information may be inaccurate.

“To me, it looks little a little bit of an extortion game from a company trying to make a few bucks off of you guys, fishing and them coming after you,” Rep. John Mica (R-Fla.) said.

Issa said the FTC was being manipulated by Tiversa “to punish firms who refuse to pay” for its services.

The FTC’s LabMD case is currently on pause while lawmakers on the Oversight Committee discuss immunity for a potential witness.

The authority to go after companies for data security has been questioned in court, but a judge in April sided with the FTC in a separate case about the Wyndham hotel and resort chain, which seemed to settle the issue for the commission’s defenders.


Critics of the FTC’s action say Tiversa found vulnerabilities in LabMD’s data security in 2008, brought evidence to the company and offered its services to fix the problem. When LabMD refused, Tiversa brought its data to the FTC.

Additional information from Wallace, however, might prove that the Tiversa information was not accurate.

“If the assertion that he made are true, the FTC has been misled and this committee has been misled on multiple occasions,” Issa said.


Read More