FTC Reaches Settlement with SkyMed for 2019 Consumer Data, PHI Breach

Health IT Security

Jessica Davis

The FTC reached a settlement with SkyMed that requires the Nevada-based provider of emergency services to implement a comprehensive information security program, which will resolve allegations stemming from a breach of consumer data, including protected health information in 2019.

The agency alleged the company failed to take reasonable steps to secure sensitive consumer data, like health records, which directly resulted in the exposure of 130,000 membership records.

In 2019, security researcher Jeremiah Fowler discovered a misconfigured Elasticsearch database belonging to SkyMed, which was left unsecured online and thus leaking a trove of sensitive data containing 136,995 records stored in plaintext.

The database was...

Get the Morning Update

Thanks for subscribing!