House committee says 'inaccurate' info prompted FTC's LabMD complaint

A congressional committee has called into question information provided to the FTC in an ongoing data security case.

On Tuesday, Darrell Issa, the chairman of the House Committee on Oversight and Government Reform, wrote a letter (PDF) to the Federal Trade Commission about the committee's concerns – that a security firm's “inaccurate” findings may have “played a role in the FTC's decision to initiate enforcement actions against LabMD.”

In 2009, the FTC began investigating a breach affecting about 9,000 LabMD customers, in which names, Social Security numbers, dates of birth and personal health insurance information were allegedly exposed on publicly accessible peer-to-peer (P2P) file-sharing networks. LabMD, an Atlanta-based medical testing lab, has since shuttered most of its operations after years of fighting the FTC's claims in court, which drained its coffers.

In its letter, the House committee also said it had “substantial concerns” about the relationship between the FTC and Pittsburgh-based Tiversa, a peer-to-peer intelligence provider. Issa even went as far as to say that Tiversa may have manipulated information pertaining to the LabMD breach.

Tiversa, which notified LabMD of its breach in May 2008, later provided its findings to the FTC after LabMD turned down its remediation services, Issa wrote.

“Apparently, Tiversa provided information to the FTC about companies that refused to buy its services,” Issa claimed in the letter, adding that Tiversa “may have manipulated information to advance the FTC's investigation” – particularly, the results of a spread analysis, or in-depth network scan.

Provided in the letter was part of a transcribed interview Tiversa CEO Robert Boback had with the House Committee. In the interview, Boback allegedly said that a Tiversa analyst, who had initially looked into the LabMD breach, provided him with “less than accurate information.”

In light of its claims, the House Committee has asked the FTC to examine its procedures for receiving information leading to data security or privacy enforcement actions. The committee also requested that the FTC scrutinize its relationship, and seemingly questionable interactions, with Tiversa.

In a Thursday interview, Bradley Clanton, a shareholder in the Mississippi and Washington, D.C., offices of law firm Baker Donelson, said that the House committee's investigation marked a rare move.

“It's very unusual for an oversight committee to get involved in a matter that's pending like this,” Clanton said.

He later said that the move further demonstrated how “entities are pushing back against the FTC, and that courts are likely to require them to give more specificity to what [data security standards] they expect.”

In early May, an administrative law judge sided with LabMD in the ongoing FTC case, backing its argument that the FTC should make its data security standards plain.
