Medical lab allegedly exposed customer info on P2P, claims it was the victim

[InfoSec News <alerts () infosecnews org>]

http://arstechnica.com/security/2013/08/medical-lab-allegedly-exposed-customer-info-on-p2p-claims-it-was-the-victim/

By Jon Brodkin
Ars Technica
Aug 29 2013

A medical testing laboratory called LabMD has been accused of exposing the 
personal information of about 10,000 customers on a peer-to-peer file 
sharing network.

The company has been fighting the claims, saying a security firm that 
uncovered the breach victimized LabMD by downloading a large spreadsheet 
containing sensitive customer information.

The US Federal Trade Commission today said it filed a complaint which 
"alleges that LabMD billing information for over 9,000 consumers was found 
on a peer-to-peer (P2P) file-sharing network and then, in 2012, LabMD 
documents containing sensitive personal information of at least 500 
consumers were found in the hands of identity thieves."

The lab is based in Atlanta but performs medical tests for consumers 
nationwide.

Police in Sacramento, CA, found in 2012 that identity thieves had 
possession of LabMD documents containing names, Social Security numbers, 
and bank account information for at least 500 people. "[A] number of these 
Social Security numbers are being or have been used by more than one 
person with different names, which may be an indicator of identity theft," 
the FTC said. The complaint also alleges that "a LabMD spreadsheet 
containing insurance billing information was found on a P2P network," the 
FTC said. "The spreadsheet contained sensitive personal information for 
more than 9,000 consumers, including names, Social Security numbers, dates 
of birth, health insurance provider information, and standardized medical 
treatment codes."

[...]



--
Find the best InfoSec talent without breaking your
recruiting budget! Post a Job, $99 for 31 days.
Hot InfoSec Jobs - http://www.hotinfosecjobs.com/