[ Friday, November 13, 2015 ]


FTC Loses Big Data Breach Case: Of course, LabMD is dead from the weight of having to fight the FTC, but you gotta break some eggs to make an omelet, amirite?

LabMD had policies and procedures that were likely sufficient for HIPAA compliance, but an employee violated the policies and posted some P2P software on his company computer that allowed some data to be downloaded by others.  As far as can be proven, only one incident of downloading occurred - by a cybersecurity firm working in the P2P space.  Possibility of harm?  Yes.  Probability of harm? Er, no way.

Big H/T: Dissent Doe

UPDATE: I didn't notice until today that the decision was by an Administrative Law Judge, employed by the FTC itself.  That makes this even bigger news. 

Jeff [10:04 PM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template