FTC Reaches Settlement with SkyMed for 2019 Consumer Data, PHI Breach
Health IT Security
The FTC reached a settlement with SkyMed that requires the Nevada-based provider of emergency services to implement a comprehensive information security program, which will resolve allegations stemming from a breach of consumer data, including protected health information in 2019.
The agency alleged the company failed to take reasonable steps to secure sensitive consumer data, like health records, which directly resulted in the exposure of 130,000 membership records.
In 2019, security researcher Jeremiah Fowler discovered a misconfigured Elasticsearch database belonging to SkyMed, which was left unsecured online and thus leaking a trove of sensitive data containing 136,995 records stored in plaintext.
The database was...