A U.S. court has affirmed the Federal Trade Commission’s authority to sue companies over lax information security. The FTC is starting with the hotel industry, but you can bet that healthcare will be next.
Those footsteps you’re hearing are quite possibly from representatives of the FTC, which has retained full authority to regulate corporate cybersecurity thanks to the recent ruling by the 3rd U.S. Circuit Court of Appeals in Philadelphia. The court upheld a 2014 lower court ruling allowing the FTC to pursue a lawsuit against the Wyndham Worldwide hotel chain, whose brands include Ramada and Travelodge.
The FTC is like a pit bull with a great memory. The watchdog agency wants to hold Wyndham accountable for data breaches dating back to 2008 that enabled hackers to obtain credit card info on more than half a million customers.
Attorneys for Wyndham argued that the FTC is overreaching, claiming that the ruling would let the agency ultimately scrutinize supermarkets that fail to sweep up banana peels.
According to Reuters, circuit judge Thomas Ambro countered the banana argument with one of the most hilarious lines ever uttered in a courtroom:
“[That argument] invites the tart retort that, were Wyndham a supermarket, leaving so many banana peels all over the place that 619,000 customers fall hardly suggests it should be immune from liability.”
Judge Ambro probably has a bright future on Comedy Central, but the FTC isn’t laughing. They’ve reportedly begun investigating the security shortcomings at numerous healthcare companies, including Accretive Health, LabMD, GMR Transcription, CVS and Rite-Aid. The upholding of FTC authority proves once again that healthcare information security is much more than a HIPAA issue.
Latest posts by Bob Chaput (see all)
- HIPAA Risk Analysis Tip – Part 5 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - June 5, 2017
- HIPAA Risk Analysis Tip – Part 4 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - May 29, 2017
- HIPAA Risk Analysis Tip – Part 3 – Questions & Answers from May 3rd Conversation with Former OCR Director Leon Rodriguez - May 21, 2017