23 Dec Patient Data On Filesharing Service Provokes Legal Trouble
Quote from Information Week
In 2008, cyber-intelligence company Tiversa notified LabMD, a small Atlanta medical testing lab, that it had found a 1,700-page file from the lab containing sensitive patient information on a peer-to-peer network and offered its services to remediate the problem.
But Tiversa wouldn’t reveal where the file was found or how it was discovered unless LabMD hired the company.
“This smelled of extortion,” said LabMD president and CEO Michael J. Daugherty, and he refused to do business with Tiversa. So began a twisted and cautionary tale for small businesses about government requirements for protecting sensitive data.
The Federal Trade Commission obtained a copy of the stolen document from Tiversa and in August of this year filed an administrative complaint alleging the lab failed to secure patient data reasonably and lacked a comprehensive data security program. Daugherty calls this action regulatory overreach and chose to fight back, writing about his experience in a recently published book, “The Devil Inside the Beltway.” In it, he accuses Tiversa and the FTC of conspiring in a shakedown.