[ Friday, November 13, 2015 ]
FTC Loses Big Data Breach Case: Of course, LabMD is dead
Jeff [10:04 PM]
from the weight of having to fight the FTC, but you gotta break some eggs to make an omelet, amirite?
LabMD had policies and procedures that were likely sufficient for HIPAA compliance, but an employee violated the policies and posted some P2P software on his company computer that allowed some data to be downloaded by others. As far as can be proven, only one incident of downloading occurred - by a cybersecurity firm working in the P2P space. Possibility of harm? Yes. Probability of harm? Er, no way.
Big H/T: Dissent Doe
UPDATE: I didn't notice until today that the decision was by an Administrative Law Judge, employed by the FTC itself. That makes this even bigger news.
Blogger: HIPAA Blog - Edit your Template