cyber security

Home > cyber security (Page 2)

17 Oct Cyber-Sleuth or Cyber-Thief? LabMD Case Continues to Expose the Good, the Bad, and the Downright Ugly in Cyber-Security Developments

Posted at 12:23h in Blog, cyber security, Michael in Print, News by Michael Daugherty
0 Likes

Screen Shot 2014-10-17 at 9.10.21 AM
header

LabMD and Michael Daughterty made the HIPAA, HITECH & HIT this week!

Elizabeth Litten, esq., of the firm Fox Rothschild, writes in her article dated Oct 15th, about the recent news regarding the FTC vs LabMD case. Read below about allegations that the LabMD file was never anywhere but the LabMD computer until Tiversa took it…and wasn’t after they took it either.

 

LabMD, Inc. CEO Michael J. Daugherty continues to doggedly defend LabMD against an action brought by the Federal Trade Commission (FTC) against LabMD based on Section 5 of the FTC Act.  He now has an opportunity to prove himself the “good guy” following last week’s decision by Chief Administrative Law Judge D. Michael Chappell granting LabMD’s motion that Chappell formally request an order from the U.S. Attorney General to compel testimony from, and provide immunity to, a key witness expected to expose the dirty investigative tactics and tainted facts relied upon by the government in bringing the action against LabMD.  The key witness is a former employee of Tiversa Holding Company, Inc. (“Tiversa”), the company that dredged up a patient data file, leading the FTC to claim LabMD had “unreasonable data security practices” that were “likely to result in unauthorized exposure of data” in violation of Section 5.   So who’s the “bad guy” here?

The witness is expected to testify that, contrary to allegations that form the bedrock of the FTC’s action, Tiversa did not find LabMD’s patient data file on four separate internet addresses as the result of a LabMD employee’s unauthorized download of a peer-to-peer (“P2P”) music-sharing app on a company computer.  Rather, using what Tiversa has referred to as its high-powered, patent-pending search engine technology, Tiversa found the patient data file only on a LabMD computer.

 

To quote the last sentence of the article:

“…this case is ugly and certainly does not create a high level of confidence in the cyber-security investigation and enforcement tactics utilized by the FTC.”

To read more of the article, click  HERE

Read More
The FTC is Suing me...

27 Apr The FTC is Suing Me…..Rerun

Posted at 23:21h in Blog, cyber security, government by Michael Daugherty
0 Likes

Now that I am about one month away from our trial in front of the FTC’s court, I thought it would be a good idea to rerun this blog post. I will be bringing everyone up to date later this week on what has been going on lately. Government Overreach and draining victims dry is not the most effective way to protect consumers. As a matter of fact, it wastes resources and drives healthcare providers away from trusting the government. But nothing ever stopped a lawyer in need of job security and an employee of the month award. Fasten your seatbelts.

This post was originally posted HERE

 

The cat has finally come flying out of the bag. In 2008, someone (and we know exactly who it is) took our file without authorization. We believe it has always been secure and still is. Why do we believe this? Because the people who took it were subsidized by U.S. government agencies.

Since January 2010, the FTC has been sniffing around, wondering if our practices are up to snuff. Notice I say practices and not standards. The Feds have not pointed out any standards! Also, we are quite up to snuff, thanks very much. It’s hard to break a law when there isn’t one. Unfortunately, my MindReader3000 broke just hours before they showed up. Don’t you hate that?

Judging by the FTC’s practices, they seem to have opened their playbook to the page on digging in and driving a good citizen nuts. As houseguests, they are rude, silent, and terrible. Run the other way if you see them in your neighborhood. They hover like a dinner guest who stays for months—the epitome of rude and selfish. Did I mention they are also poor conversationalists? Aside from asking for another helping of whatever they want, the FTC doesn’t say much, but it’s not a pretty picture if you don’t have the steak cooked exactly to their liking. Apparently nothing we’ve served has been to their liking, yet we are positive that we did what they asked.

Are they trying to drive us so nuts that we’ll finally do and say anything necessary to make them leave? They don’t even really have a reason to stick around aside from “just doing their jobs.” Since this administration showed up, it seems like all the government agencies have been “just doing their jobs” in this manner. It’s almost like being cyber-waterboarded.

We’ll never give in! Self-appointed savior of the world or not, the FTC is a rude houseguest, and we won’t make up a lie about our cooking just to get them out. That would be giving them exactly what they want. Why validate such vile behavior from these occupiers?

So, what exactly does one do when big brother is hovering, knocking, poking, not playing nice, and won’t go home? Speaking for myself, I shine a light on how “he” conducts himself and scream from the rooftop to alert the neighbors. Of course, I still mind my manners–go along hoping the growling dog won’t attack or bite. I’ll throw them all the treats they want! We’ve always conducted business in an honest, sincere manner, so there’s nothing to hide. Despite our efforts to get the FTC to laugh and wag its tail, nothing seems to work. Sigh….

This is a LONG story so I am writing a book titled “The Devil Inside the Beltway.” I don’t want to write a book; I HAVE to write a book. There is way too much juicy stuff to cram into a sound bite or two-minute video. A book is a LOT of work. I started in April. Now that the cat is out, I have to finish ASAP, so I am flying to London next week to get it done. Then the editors dig in — developmental, copy, line, and all sorts of prep work prior to launch.

Soooooo…welcome to my website!

As the story unfolds, I will bring to you my experience of just “how they do it;” how our property (a data file with patient information) was taken, how it was presented to the U.S. Congress, how it ended up in the Congressional record without our knowledge or permission, how we were extorted, questioned, investigated, and manipulated. I will tell you how they don’t like it one bit if they have to break a sweat.

Yeah. The bad houseguest sued me last week, so my author page had to turn into a landing page. Spread the word. Turn on the lights. Ask me questions as I unfold the scary and true story of how one fluke after another, combined with an agency of the self-righteous, brought me to this place.

 

I want to tell you so you know. I want to tell you so it won’t happen to you. I want to tell you so, if it does happen to you, you will know what to do. Trust me, when this happens, dialing 911 or 1-800-LAWYER will not summon Superman. However, we are doing well. Our customers support us 100%. We are going to make it, and I look forward to sharing our story with you.

You won’t have to choose to believe me; most of this is in writing.

Until we meet again,

Mike

 

Michael Daugherty is President & CEO of LabMD, an Atlanta-based clinical and anatomic medical laboratory with a national client base. Mike founded LabMD in 1996 after 14 years in surgical device sales with U.S. Surgical Corp. and Mentor Corporation.

Outside of LabMD, enjoys playing tennis, travel, and flying his Cirrus SR22 Turbo single engine aircraft.

Mike can be found:

FacebookTwitter * LinkedIn * Pinterest

Google+ Michael J Daugherty

Read More

07 Apr Don’t be Seduced by Pigs Wearing Lipstick:

Posted at 09:03h in Blog, cyber security, News by Michael Daugherty
0 Likes
lipstickpig

Graphic credit to Mick Coulas

The FTC Testifies Before Congress Using Fear in Their Thinly Veiled Grab for More Power

On April 2, 2014, FTC Chairwoman Edith Ramirez performed a classic display of Government Agency Contempt of Congress as she attempted to seduce Congress into giving her agency more power. She wants power to further pound companies into submission before they can get to a fair and impartial court, power to mislead the public regarding FTC effectiveness, and power to keep Congress from understanding that bully agencies like the FTC keep the American public exploited by hackers and cybercriminals.

With all the chest beating of the US Government agency complex, I remind you that Edward Snowden walked out with a thumb drive. Hero or traitor is not the issue. The issue is hero or traitor, someone walked out with a thumb drive. In the meantime, Edith Ramirez and her merry band of sheriffs want to keep beating up victims. This may make for great theater, this may allow hollow congressmen to back slap and light cigars, but this will never solve the problem.

The tools that Chairwoman Ramirez employs come straight out of the FTC’s “congressional testimonial strategy handbook”; speak briefly using broad and vague terms, assume Congress approves your powers until restricted otherwise, use Heads on Spikes to show the world all the “good” you are doing while you scare everyone else by implying this could happen to them, and finally, keep your mouth shut about the false confessions extracted by holding guns to the heads of victims.

As the FTC knows all too well, the dead and injured are unable to give their side of the story. And who needs to be bothered by petty annoyances like due process and legal integrity when there is so much to do?

Let’s dig a bit further into a couple of their favorite tricks:

Assume regulatory powers are theirs until stopped by Congress or the Courts

The FTC chants every morning like a drunken yogi that they have “broad powers assigned by Congress”. They think that means they rule the world. Given what we have seen from the IRS when an agency is given “broad powers”, this is nothing to brag about. But Congress, in its infinite laziness and fear of public accountability, tossed away the political hot potato by creating regulatory agencies intent on executing Congress’s dirty work. It’s Congress’s version of outsourcing.

While Congress has never assigned the FTC power to regulate data security, the FTC screams “loophole”. Congress didn’t state the FTC didn’t have the power, so, to the assumptive FTC, that means they do. If you want to climb Justice Mountain to get a federal court to rule otherwise, you are going to have to pony up at least a million dollars while Congress stays asleep at the wheel. In the meantime, the courts may roll their eyes and rule that, yes, it is a terrible law, but it is Congress’s terrible law, not the courts, so if you want change it, go complain to Congress.

This is called “running the prisoner until he drops”. There isn’t a more inefficient and corrupt road to justice that waiting for Congress to get something done. And the FTC knows this. They revel in it. The power that the FTC has stacks the deck dramatically in their favor.

Congress probably doesn’t even realize it lets the FTC:

  • Make their own rules.
  • Police themselves.
  • Oversee their own internal administrative court system (think kangaroos).

This has completely shredded the founding fathers intent in separating government powers. We don’t have to speak in theory now…we are currently experiencing a plethora of government agency overreach under the guise of saving the world. “Trust but verify” has been replaced with “trust us you fool”.

Parade around DC with Heads on Spikes

She makes it sound so sweet, but Ramirez is a hissing snake as she announces her list of consent decrees that she likes to call “settlements”.  It would be more accurate to call them extortions. She repeatedly disparages prior companies that had no idea they would receive this repeatedly public reputation assassination for years to come.  Failing to mention her buried fine print that clearly states no wrongdoing was admitted, here arrives more lying through omission.

Companies blocked from their day in even a lopsided and biased court, because they were forced to choose between settling or draining their bank accounts, then continually assassinating their reputation for years to come in hearings and print is a disgusting display of misleading the public and the companies the FTC “settles” with.

We now observe there is no real settling with the FTC. They have become a chronic disease, at every turn forgetting our foundational right of innocence until proven guilty. Yet the FTC extorts these decrees and then brags like they won a jury verdict. Ramirez plays her poker well. She doesn’t have to act long. Congress will move their attentions to something else in a matter of moments. Mission accomplished.

And are we safer? No.

What the FTC doesn’t want you to know is that so many of the files floating around cyberspace are precisely due to the FTC’s ignorance and incompetence. In my new book, The Devil Inside the Beltway, I specifically lay out how the FTC blew the corrective control of P2P malware. Giving a regulatory agency power over technology is like handing Kathleen Sebelius a scalpel and sending her into surgery. This is a dangerous game.

Keep your mouth shut about the false confessions extracted by holding guns to the heads of victims

Congress has allowed the FTC to play judge, jury and prosecutor in their Administrative court, making their rules so lopsided that their victims are beaten into submission and silence. With silenced victims, Congress stays blissfully ignorant of the medieval tactics their spawn employs.

In these congressionally created star chambers, called administrative court, the FTC has the power to:

  • Rule on motions to dismiss, rather than the judge
  • Rule on motions to quash, rather than the judge
  • Require defendants to get FTC signature approval before sending subpoenas.
  • Reject the judge’s ruling.

I could go on…but you get the point. And what does the media do? Nothing. The power slant is so outrageous yet hidden the media can’t comprehend it. That would involve paying attention for more than five seconds.

As long as the FTC keeps it on the down low, plays circle and confuse but is sweet in front of Congress, and gets the hell out of the hearing as fast as possible, this charade is going to continue. Our safety, however, will continue to erode.

The FTC is a fearsome bully that has made us less safe. Shut down the FTC and any and all other agencies that put their job security in front of the national security. This is the tip of the iceberg and it is even chillier below the surface.

Read More

02 Apr Recent FTC Ruling Could Cloud Data Security Enforcement

Posted at 12:01h in Blog, cyber security, Michael in Print, News by Michael Daugherty
0 Likes

Reblogged from:Screen shot 2014-04-02 at 8.58.11 AM

by John Moore, iHealthBeat Contributing Reporter

TOPIC ALERT:

  • Privacy and Security
Click on topic to receive periodic emails.

The arcane world of data security regulations just got a little more ambiguous.

In January, the Federal Trade Commission affirmed its authority to bring action against businesses that fail to adequately protect consumer data. The decision has particular implications for health care, as the case involved LabMD, a medical testing laboratory and a covered entity under HIPAA.

FTC last August filed a complaint against LabMD alleging the company exposed the personal information of about 10,000 people in two incidents. LabMD responded with its own missive: a motion to dismiss the complaint on the grounds that the FTC enforcement action clashed with HIPAA’s information security regulations.

On Jan. 16, FTC commissioners rejected LabMD’s arguments. As a result, health care providers and their business associates now need to consider FTC in addition to HHS’ Office for Civil Rights as a data security enforcement organization.

“What the FTC is saying is they feel they have the latitude … to go after anyone who doesn’t live up to the promises they make with respect to protecting their data,” said Mac McMillan, CEO of CynergisTek, an IT security consulting firm that focuses on health care.

“This was a big surprise to a lot of people,” McMillan said, adding, “Most health care organizations have never really viewed FTC as a regulatory body as it relates to privacy and security.”

Here are some other things healthcare organizations might find surprising:

  • The “new” regulator isn’t particularly new — FTC has been sniffing around health care and security for a number of years.
  • Settlements with FTC could involve 20 years of privacy audits if recent history applies to health care companies.
  • None of this may ever happen — pending court cases could check FTC’s data security watchdog role.

Overlapping Authority?

FTC’s assertion of authority stems from its interpretation of the FTC Act and its mission of pursuing consumer trust issues. In the LabMD decision, the commissioners ruled that a company’s data security lapses fall within the scope of the FTC Act’s ban on “unfair … acts or practices.”

The commission’s enforcement track, however, puts it on a path similar to OCR.

LabMD cited this overlap in its motion to dismiss. The company argued that HIPAA — which empowers OCR’s enforcement work — takes precedence over the FTC Act in the realm of data security.

The commissioners disagreed, saying, “Nothing in HIPAA … reflects a ‘clear and manifest’ intent of Congress to restrict the Commission’s authority over allegedly ‘unfair’ data security practices such as those at issue in this case.”

FTC’s decision is unlikely to stand as the final word on its data security powers in health care and other fields. Ongoing court cases should help determine whether FTC’s position will prevail. In one example, a federal court will rule on Wyndham Worldwide Corp.’s contention that FTC’s pursuit of data security represents an overreach of its authority. FTC in 2012 sued the hotel chain for alleged data security failures.

While the cases continue, some industry watchers believe FTC and OCR will be able to work cooperatively.

Scott Walters — director of security at INetU, a managed hosting and cloud provider that targets the health care industry — said FTC and HHS “are smart enough not to get into a double jeopardy situation” in which the two agencies would take independent action against the same company.

“I can see it being complementary for a while,” Walters said.

Brad Keller — senior vice president at the Santa Fe Group and program director of the company’s Shared Assessments Program — pointed out that FTC and HHS have some history with coordinated action. As an example he cited a 2010 case in which Rite Aid agreed to pay $1 million to settle potential HIPAA violations, following an “extensive joint investigation” by OCR and FTC.

“If you think about it, this isn’t all that new,” Keller said.

McMillan also noted FTC’s previous interest in data security, citing the commission’s discussions over the past five years with organizations including the Office of the National Coordinator for Health IT.

“They have always been clear: if they receive a complaint or perceive a customer trust issue, they will pursue it,” McMillan said.

Effect on Health Care Industry

Assuming FTC’s authority survives court challenges, health care providers would have another data security enforcement body looking at them — and one that can levy fines and order corrective measures.

As for fines, HIPAA has a higher penalty limit. David Harlow — president of The Harlow Group LLC, a healthcare law and consulting firm — noted that fines under the FTC Act are limited to $16,000 for each violation, compared with HIPAA’s maximum fine of $1.5 million.

McMillan, on the other hand, suggested that FTC has a more powerful weapon: privacy audits. When Google and Facebook settled with the FTC — amid complaints of mishandling users’ personal information — the companies agreed to undergo privacy audits for 20 years as part of the deal,according to Forbes.

McMillan said the cost of conducting periodic audits could prove more expensive in the long run than a HIPAA fine. “You’ve got the cost of an external monitor for 20 years,” McMillan said, noting that the audits are conducted by a third party.

He said, “It’s not just the cost, but being under the microscope for 20 years,” adding, “That is an awfully long time to have the government … reviewing what you are doing.”

But the effect of FTC enforcement should not prove as dire for health care providers who stay on the right side of HIPAA.

“If they pay attention to HIPAA, they are going to be fine,” Walters said.  “I don’t think FTC is going to end up trumping HIPAA.”

Walters said the investment in HIPAA, HITECH and the omnibus rule suggests that those requirements will endure as the data security standard in health care.

McMillan said he believes FTC will apply HIPAA’s privacy and security requirements when considering health care companies.

“They are not going to pull some other standards out,” he said.

A gray area still exists, nevertheless. While HIPAA enforcement relies on specific rules, FTC pursues enforcement through case-by-case litigation, Harlow said. The commission doesn’t operate with a list of unfair business practices, he added. So, at least in theory, FTC could find fault with a HIPAA-compliant health care provider.

“There is still room for FTC to maneuver, even if they are fully HIPAA compliant,” Harlow said.

Read More
Daugherty for The Privies

23 Dec My Case with the FTC has been Nominated for the Privies!

Posted at 13:28h in cyber security by Michael Daugherty
0 Likes

If you’re not familiar with The Privies, they are awards that honor “Dubious Achievements in Privacy Law”. These awards, created by privacy expert Mr. Stewart Baker, are broken down into 3 categories. My case with the FTC has fallen under the category, “Dumbest Privacy Case of the Year”. Needless to say, I agree and I want that golden Privy!

The award in Mr. Baker’s own words:

“The plan is to let the public vote for their favorite privacy law abuses, giving special weight to votes cast by those who know privacy law best. The idea is to  combine the best of the Academy Awards and the People’s Choice Awards. We

Daugherty for The Privies

should give the awards a name, like the Tonies or the Emmies, except that for dubious achievements in privacy law there’s only one possible name for the award.  The Privies.

Winners in each category will be eligible to receive their very own Golden Privy trophy…”

So I need your help to bring home the gold! If you could PLEASE visit this link and cast your vote for FTC V. LabMD as “Dumbest Privacy Case of the Year” we can bring more attention to this crazy story and put some pressure on the government to finally make some changes!

Please share and spread the word.

Read More

07 Nov LabMD Slams ‘Oppressive’ FTC Subpoenas in Data Breach Row

Posted at 10:25h in cyber security, law, Michael in Print, News by Michael Daugherty
0 Likes

Screen shot 2013-11-07 at 7.20.51 AMLaw360, New York (November 06, 2013, 1:33 PM ET) — LabMD Inc. on Tuesday slammed the Federal Trade Commission over some three dozen third-party subpoenas it has issued in its ongoing investigation of alleged security breaches at the cancer diagnosis firm that the agency claims exposed the private medical information of thousands of consumers.

LabMD characterized the FTC’s move, which it said follows after years of discovery during which the firm has already submitted over 5,000 pages of documents since 2010, as an undermining tactic meant to harm its reputation and sap its financial resources, according to its motion for protective order filed Tuesday to an FTC administrative law judge.

The Atlanta-based company is represented by the Washington-based nonprofit Cause of Action, whose website says it “fights to protect economic opportunity when federal regulations … threaten it,” and which on Tuesday reiterated its challenge to the FTC’s authority to regulate data security practices.

“From the outset of the FTC’s investigation, the commission has exerted authority it does not have to punish a business that has done nothing wrong,” said COA Executive Director Dan Epstein.  “COA has taken up this fight because the commission is abusing its power and destroying a small business, and it must be held accountable for demonstrations such as these burdensome subpoenas.”

The group identifies itself as nonpartisan, but Epstein, who founded the group in 2011, has in the past worked for billionaire libertarian Charles G. Koch’s foundation, which has funded various economic freedom nonprofits. A COA spokeswoman on Tuesday declined to identify its donors, citing privacy concerns.

The FTC brought its suit in August over an alleged data breach when Internet security firm Tiversa Holding Corp. took  a LabMD patient information file and gave it to the FTC after LabMD turned down a business pitch by Tiversa, according to LabMD’s motion.

The FTC has claimed that that LabMD exposed the information of roughly 10,000 consumers in two instances: once when the billing information for thousands of consumers was found on a file-sharing network, and again when LabMD documents containing the private information of some 500 consumers were stolen by identity thieves, according to the agency.

LabMD, whose data security practices are regulated by the U.S. Department of Health and Human services, argues that HHS has never accused it of violating any such security requirements and that the FTC is merely retaliating for LabMD CEO Michael Daugherty’s scathing manifesto against the agency in his new book, “The Devil Inside the Beltway.”

“Nothing else explains why the FTC would issue more than 35 subpoenas at issue here,” LabMD said in its motion. “Instead of standing on the strength (or lack thereof) of its complaint, the FTC seeks to crush LabMD by using its vast resources to harass through abusive discovery tactics.”

LabMD is represented by Reed Rubinstein of Dinsmore & Shohl LLP and Michael D. Pepson of Cause of Action.

The case is In the Matter of LabMD Inc., docket number 9357, before the Federal Trade Commission.

Read More

18 Sep Critics tell FTC to back off on data security complaints

Posted at 08:00h in Blog, cyber security, government, Interview, law, Michael in Print by Michael Daugherty
0 Likes

 

The agency has no specific data security rules and operates from a vague statute, critics say

The FTC should back away from authority it says it has under a vague section of law that doesn’t mention data security, said the critics, including Mike Daugherty, CEO of Atlanta diagnostic lab LabMD, which is fighting an FTC complaint.

The agency should instead seek specific authority to enforce data security rules from the U.S. Congress and should define what data security standards it expects from companies, instead of seeking sanctions on a case-by-case basis, said speakers during a discussion on FTC authoritysponsored by TechFreedom, an antiregulation think tank, and Cause of Action, a government watchdog group defending LabMD.

The FTC’s complaint against the small lab wasn’t based on established rules that agency officials could point to, Daugherty said.

The FTC, instead of looking for real consumer harm, seems to be saying, “We’re going to take one victim and going to hold them accountable,” said Gerry Stegmeier, a privacy and data security lawyer.

 

Find more of the story here.

If you enjoyed reading this article, sign up for my newsletter and follow me on:

Facebook |  Twitter  |   Google+  |  Pinterest  |   LinkedIn

The Devil Inside the Beltway can be purchased:

Amazon  |   Kobo  |   B&N   

Read More

17 Sep Meet Michael Daugherty in Las Vegas September 18th

Posted at 08:00h in Blog, cyber security, government, Interview by Michael Daugherty
0 Likes

Network Security 2013 come meet Michael Daugherty and hear about his story.

InfoSec Vertigo: Small Medical Lab Wages War Against InfoSec Vendor, US Government, and Big DC Law Firm

  • Benjamin Wright and Michael Daugherty, President of LabMD
  • Wednesday, September 18th, 7:15pm – 8:15pm

Chilling true story: Aggressive infosec vendor magically acquires patient file from small medical lab, then campaigns for a hefty fee to ‘remedy’ the problem. Lab refuses to pay; vendor conveniently gives the file to US Federal Trade Commission, saying it was compromised in a security breach. Years of investigation and litigation ensue. Learn how our legal system separates fact, fiction, and ego in a modern cyber security incident.”

You can find more information here.

If you enjoyed reading this article, sign up for my newsletter and follow me on:

Facebook |  Twitter  |   Google+  |  Pinterest  |   LinkedIn

The Devil Inside the Beltway can be purchased:

Amazon  |   Kobo  |   B&N   

Read More

16 Sep Washington Journal talks about Michael Daugherty and his FTC fight

Posted at 13:00h in Blog, cyber security, government, Interview, Michael is Interviewed by Michael Daugherty
0 Likes

 

LabMD CEO Michael Daugherty fights ‘The Devil Inside the Beltway’

 

Photo by Kent Hoover Michael Daugherty, CEO of LabMD, talks about his company's battle with the Federal Trade Commission at a briefing held by Tech Freedom and Cause of Action.

Photo by Kent Hoover
Michael Daugherty, CEO of LabMD, talks about his company’s battle with the Federal Trade Commission at a briefing held by Tech Freedom and Cause of Action.

 

 

 

 

 

 

 

 

 

 

 

 

You might think that LabMD is fighting a lonely battle against the Federal Trade Commission — most businesses accused by the agency of failing to “reasonably protect” the security of its customers’ data settle their cases. But LabMD not only is challenging the FTC’s complaint, its CEO also is using this case to make a point about out-of-control regulators. He’s written a book, “The Devil Inside the Beltway,” and he’s found allies in Washington, D.C. On Thursday he was the star panelist at a briefing held by Tech Freedom and Cause of Action, two organizations that question the FTC’s approach to data security.
Business owner: Michael Daugherty, president and founder of LabMD, a 25-employee medical testing lab in Atlanta.
FTC complaint: The agency last month filed a complaint accusing LabMD of failing to “take reasonable and appropriate measures to prevent unauthorized disclosure of sensitive consumer data.” Billing data, including Social Security numbers, for more than 9,000 patients of LabMD were found on a peer-to-peer file-sharing network, and LabMd documents containing sensitive personal information were found in the hands of identity thieves in 2012.
How the breach occurred: Daugherty said he learned of the problem when a cybersecurity firm contacted him in 2008 and said it saw one of LabMD’s billing files on a peer-to-peer network. LabMD had firewalls and servers to protect customers’ data, but one of its employees violated company policy and installed Limewire, a peer-to-peer file-sharing network, on her computer in order to listen to music. This made the billing information on her computer available to outsiders. Daugherty said LabMD immediately corrected this vulnerability when it discovered it.

Read the rest of the story here

If you enjoyed reading this article, sign up for my newsletter and follow me on:

Facebook |  Twitter  |   Google+  |  Pinterest  |   LinkedIn

The Devil Inside the Beltway can be purchased:

Amazon  |   Kobo  |   B&N   

Read More

03 Jul Snowden seems to have Obama snowed in…for now…until the dictators are done brain draining Snowden.

Posted at 13:01h in cyber security, government by Michael Daugherty
0 Likes

Yes we scan obama joke

 

Life sure keeps surprising me. I have been writing a book about government surveillance and overreach since early 2012 and Snowden takes over the media headlines about government surveillance and overreach. What interesting timing.

The world just rolls their eyes at the United States. Despots love to have their ass kissed.  They immediately associate the ass kisser is muscle bound, right? Wrong. This is a kindergarten school yard lesson that should have been learned long ago, not one for the world stage. It is way past time to wake up and leave never never land.

Nothing is more important to Barack Obama, as it is with most second term presidents, than his narcissistic historical image…NOTHING. Of course, now that he has been spit in the eye by Putin, ignored by China, dismissed in Africa (except he did stop to meet George and Laura Bush), and had his privacy pants pulled down  by Assange, he has only one way left to project the illusion that he is a leader in control. That would be to play the “no biggie” card.

The “oh well, let’s forget this” trick has been played sooooo many times by the White House you can feel the temperature in the press room rise due to the collective yawn. Let’s forget…Benghazi…let’s forget…James Rosen…let’s forget…the IRS…let’s forget…rising energy prices…let’s remember that is still George Bush’s fault.

Still, President Pied Piper still has plenty of followers skipping down the lane thinking he is just great. That is much easier than the painful trip to “I guess I was wrong” avenue.  Selective perception, memory loss, and narcissism are still in abundant supply in this country. But many of us do have accurate perceptions, our memories are fine, and we demand a leader, not a flute player.

You built it, Mr. President. Now own it, adjust your game plan, grow a pair, and lead us out of this mess. If you want the image in your historical mirror to be pretty you better make some changes. You won’t be able to spin history like you do every day events.  You are running out of time. We are running out of patience.

If you enjoyed reading this article, sign up for my newsletter and follow me on:

Facebook |  Twitter  |   Google+  |  Pinterest  |   LinkedIn

The Devil Inside the Beltway can be purchased:

Amazon  |   Kobo  |   B&N   

Read More