LabMD has shut down after a years-long tangle with federal regulators regarding the safeguarding of its patient records. The Atlanta-based laboratory, which focused on uropathology assays, received a formal complaint from the Federal Trade Commission (FTC) last August regarding security breaches involving the personal health information of about 9,000 of its patients. The incident was traced to a breach of LabMD’s computer firewall when an employee had downloaded a peer-to-peer music-sharing application to listen to songs while she worked. The data appeared on the music-sharing service’s own network and was eventually accessed by identity thieves, the FTC claims. The breach is an unusual one; most involving employees are tied to their losing or having had stolen unencrypted laptop computers or smartphones containing sensitive data. According to statistics from the U.S. Department of Health and Human Services (HHS), only 38 of nearly 800 large patient data breaches reported to the agency have been tied directly to hacking incidents involving a health care provider’s server. The FTC had been investigating LabMD and several other companies since 2010 about failures to safeguard consumer information. According to the FTC, the breaches constituted a deceptive and unfair trade practice. LabMD officials have argued that the […]
LabMD has shut down after a years-long tangle with federal regulators regarding the safeguarding of its patient records.
The Atlanta-based laboratory, which focused on uropathology assays, received a formal complaint from the Federal Trade Commission (FTC) last August regarding security breaches involving the personal health information of about 9,000 of its patients.
The incident was traced to a breach of LabMD’s computer firewall when an employee had downloaded a peer-to-peer music-sharing application to listen to songs while she worked. The data appeared on the music-sharing service’s own network and was eventually accessed by identity thieves, the FTC claims.
The breach is an unusual one; most involving employees are tied to their losing or having had stolen unencrypted laptop computers or smartphones containing sensitive data. According to statistics from the U.S. Department of Health and Human Services (HHS), only 38 of nearly 800 large patient data breaches reported to the agency have been tied directly to hacking incidents involving a health care provider’s server.
The FTC had been investigating LabMD and several other companies since 2010 about failures to safeguard consumer information. According to the FTC, the breaches constituted a deceptive and unfair trade practice.
LabMD officials have argued that the HHS is the appropriate agency to oversee potential breaches involving patient data, and that while it wanted to cooperate with the FTC, the agency has never provided a specific road map for complying with its demand to protect patient privacy.
Although the issue is one of compliance, the tangle over how to satisfy regulators led to the closing of a lab that had 25 employees and had been in operations for nearly 20 years.
“LabMD’s wind down is largely due to the FTC’s abuse of power,” the company said in a statement. “Absent any established or uniform data security standards; absent Congressional approval to regulate data security practices; absent a consumer victim from any alleged LabMD security breach; all without alleging that LabMD violated HIPAA privacy regulations, the FTC has spent untold taxpayer dollars investigating LabMD, destroying jobs and usurping power over patient information from the [HHS].”
LabMD’s chief executive officer, Michael Daugherty, has claimed that a company wanting to provide it cybersecurity services tipped regulators about the incident when he chose not to contract with that firm. He has written a highly critical book about the FTC and has been making speeches about the topic. A nonprofit, self-styled government watchdog called Cause of Action has also been providing legal counsel to LabMD.
Takeaway: An investigation by the FTC into a data breach at LabMD in Atlanta has forced the lab to shut its doors.
