A U.S. court has affirmed the Federal Trade Commission’s authority to sue companies over lax information security. The FTC is starting with the hotel industry, but you can bet that healthcare will be next.

Those footsteps you’re hearing are quite possibly from representatives of the FTC, which has retained full authority to regulate corporate cybersecurity thanks to the recent ruling by the 3rd U.S. Circuit Court of Appeals in Philadelphia. The court upheld a 2014 lower court ruling allowing the FTC to pursue a lawsuit against the Wyndham Worldwide hotel chain, whose brands include Ramada and Travelodge.

The FTC is like a pit bull with a great memory. The watchdog agency wants to hold Wyndham accountable for data breaches dating back to 2008 that enabled hackers to obtain credit card info on more than half a million customers.

Attorneys for Wyndham argued that the FTC is overreaching, claiming that the ruling would let the agency ultimately scrutinize supermarkets that fail to sweep up banana peels.

According to Reuters, circuit judge Thomas Ambro countered the banana argument with one of the most hilarious lines ever uttered in a courtroom:

“[That argument] invites the tart retort that, were Wyndham a supermarket, leaving so many banana peels all over the place that 619,000 customers fall hardly suggests it should be immune from liability.”

Judge Ambro probably has a bright future on Comedy Central, but the FTC isn’t laughing. They’ve reportedly begun investigating the security shortcomings at numerous healthcare companies, including Accretive Health, LabMD, GMR Transcription, CVS and Rite-Aid. The upholding of FTC authority proves once again that healthcare information security is much more than a HIPAA issue.

Contact Us

If the FTC comes a-knockin’, you’re going to need much more than a banana peel defense.

Clearwater’s industry insights and educational resources can help you avoid slippery – and costly – situations.
Contact Us

Bob Chaput

CEO at Clearwater Compliance
Bob is the CEO and Founder of Clearwater Compliance. He has 25 years of experience in the Healthcare industry, and his experience includes managing some of the world’s largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. Mr. Chaput continues to expand and update his knowledge base on HIPAA-HITECH compliance through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.