Reblogged – original post By Allison Grande
Law360, New York
LabMD on Tuesday piled onto its long-running fight with cybersecurity firm Tiversa, which the lab claims stole a patient data file that it gave to the Federal Trade Commission, by filing a new complaint in Georgia federal court that names two major law firms as co-conspirators and alleges that Tiversa also targeted Coca-Cola, Papa John’s and others.
The medical testing laboratory and CEO Michael J.Daugherty cited numerous instances in their 192-page complaint that Tiversa Holding Corp. and more than a dozen purported co-conspirators — including law firms Morgan Lewis & Bockius LLP and Pepper Hamilton LLP as well as the trustees of Dartmouth College — allegedly pulled off their classic “steal, lie, threaten, retaliate” ploy against both LabMD and other Georgia-based businesses, including Coca-Cola and Papa John’s.
“This case starts with a crime and a lie,” the complaint said. “The crime — the theft of a confidential file with personal health information on approximately 9,300 patients. The lie — the thief claims the victim made it available to the public.”
LabMD first encountered Tiversa in 2007 when the cybersecurity firm informed the lab that it had discovered the confidential file on the peer-to-peer file-sharing network LimeWire. Tiversa then turned the file over to the FTC, which based on the tip launched an action in 2013 accusing the lab of failing to maintain reasonable data security.
But in their newest complaint, LabMD and Daugherty reiterated their long-standing position that Tiversa had actually stolen the file from the lab’s servers, and that its referral to the FTC — which ultimately led the lab to shutter its operations — was retaliation for LabMD refusing Tiversa’s security services.
“LabMD and Daugherty … knew that LabMD had done no wrong,” the complaint said, adding that their convictions were confirmed by former Tiversa employee and whistleblower Richard Wallace, who after being granted immunity testified during the course of the FTC proceedings that Tiversa had secretly hacked the file directly from a LabMD computer in Atlanta, without any permission or authority, and knew that the file had never “leaked” anywhere.
“Immunized testimony from this individual during the trial of the enforcement action was so convincing that the FTC ultimately withdrew all reliance upon Tiversa’s crimes and lies,” the complaint said, referencing representations made by FTC staff attorneys during oral arguments challenging an administrative law judge’s dismissal of the commissioner’s complaint, which were held in front of the acting commissioners in March.
Tiversa repeated this pattern of lies and retaliation with several other companies that refused to hire it and pay for its services, according to the complaint, which specifically called out Tiversa’s interactions with Coca-Cola, Papa John’s, Logisticare Solutions and Franklin’s Budget Auto Sales, as well as the Georgia Music Educators Association and an AIDS clinic.
According to the complaint, Tiversa executed the “four core steps” of its business model — stealing private, confidential and classified files; lying to its targets about the source of the information; threatening to report reluctant targets to law enforcement; and retaliating against targets that refused to hire it — against all these companies.
LabMD also asserted that Tiversa didn’t act alone and names more than a dozen co-conspirators, including Morgan Lewis, Pepper Hamilton, and former Morgan Lewis and current Pepper Hamilton partner Eric D. Kline, which began providing legal services to Tiversa around January 2004 and allegedly helped it create a “shell company” called the Privacy Institute.
Altogether, the complaint sets forth approximately 20 predicate acts under the Georgia and federal Racketeer Influenced Corrupt Organizations acts — 15 of which the plaintiffs claim caused actual harm — and over 20 additional criminal violations committed by at least one of the 18 known defendants, including violations of the Computer Fraud and Abuse Act and common law fraud and negligence.
“This lawsuit is primarily about Tiversa’s illegal scheme — its pattern of racketeering activity, its theft and other crimes, its lies and other frauds, its conspirators and accomplices, its predicate acts under state and federal RICO and, ultimately, the liability of all defendants for the harms they have caused LabMD and Daugherty,” the complaint said.
The complaint that came to light Tuesday marks the latest development in the parties’ long-running scuffle.
Shortly after the filing of the FTC’s enforcement action, Tiversa filed the first of several defamation lawsuits against LabMD and Daugherty, which have been dropped, and LabMD currently has a similar fraud and hacking action pending in Pennsylvania federal court against Tiversa, its CEO, Robert Boback, and others, although LabMD noted in its latest complaint that the Pennsylvania action was filed four months before the Tiversa whistleblower testified in the FTC enforcement action and before the House Oversight Committee released its revealing report into Tiversa’s business practices.
“Because of the congressional investigation and report and the immunity given to [Wallace], all this stuff didn’t start coming out until 2015,” Daugherty told Law360 Tuesday. “That’s what they do — they try to hide and then run the clock and run the statue of limitations. This took a long time, and what’s really unfortunate is that not many people get to have the luxury of a congressional investigation and report and immunity grants, and it’s just sad that all those parts were necessary to get to justice.”
Representatives for Tiversa did not immediately respond to a request for comment late Tuesday.
LabMD and Daugherty are represented by James W. Hawkins of James W. Hawkins LLC.
Counsel information for the defendants was not immediately available.
The case is Daugherty et al. v. Adams et al., case number 1:16-cv-02480, in the U.S. District Court for the Northern District of Georgia.
–Editing by Bruce Goldman.