FTC: Medical lab exposed 10K patients to identity fraud

Federal trade officials filed a complaint against an Atlanta-based medical testing lab alleging that it failed to protect the privacy of 10,000 patients. 

The Federal Trade Commission (FTC) said Thursday that a LabMD spreadsheet containing information from more than 9,000 people was found on a peer-to-peer file-sharing network. 

The document included names, Social Security numbers, dates of birth and medical treat codes that later landed in the hands of identity thieves, the agency charged. 

Thursday's complaint highlights efforts to fight health-related identity fraud as information technology makes records more vulnerable to theft.

The complaint was administrative, meaning the allegations will eventually be tried before an administrative judge.

"The unauthorized exposure of consumers' personal data puts them at risk," said Jessica Rich, Director of the FTC's Consumer Protection Bureau, in a statement.

"The FTC is committed to ensuring that firms who collect that data use reasonable and appropriate security measures."

LabMD released a statement saying the FTC lacks the authority to file its complaint and accusing the agency of a conducting a "witch hunt" against business.

"The Federal Trade Commission’s enforcement action against LabMD based, in part, on the alleged actions of Internet trolls, is yet another example of the FTC’s pattern of abusing its authority," the company stated.

"LabMD looks forward to vigorously fighting against the FTC’s overreach by seeking recourse through the available legal processes."

—This post was updated Thursday at 3:44 p.m. with LabMD's statement.