Congressional Hearing on Tiversa DelayedSecurity Firm at Center of Dispute Between LabMD, FTC
A Congressional hearing scrutinizing Tiversa, the peer-to-peer security firm that's at the center of the ongoing data security dispute between medical test lab firm LabMD and the Federal Trade Commission, has been postponed until November.
The House Committee on Oversight and Government Reform hearing was cancelled without explanation hours before it was slated to begin on Sept. 17, LabMD CEO Michael Daugherty tells Information Security Media Group. The hearing will be rescheduled for a yet to be determined date in November, a committee source tells ISMG, declining to provide a reason for the postponement.
"I have complete trust the Oversight Committee is doing what is best for their investigation," Daugherty tells ISMG. "If they need more time, so be it."
The hearing was expected to probe the relationship between Pittsburgh-based Tiversa and the FTC. Tiversa provided the FTC with information about alleged security incidents that the commission has pursued for potential enforcement actions, including the commission's ongoing case against LabMD.
Tiversa CEO Robert Boback was slated to testify at the hearing. A Tiversa spokeswoman says the company has provided to the committee 30,000 pages of documents and has made available seven current and former employees for interviews, as the panel investigates the firm.
In a statement to ISMG, the Tiversa spokeswoman says, "Tiversa is committed to protecting its clients from cyberthreats. We have done the right thing and we look forward to the conclusion of the Committee's inquiry."
LabMD, FTC Battle
A LabMD evidentiary hearing - also called a FTC administrative trial - that began on May 20 but has been on hold since June isn't likely to resume until sometime in October at the earliest, based on an August ruling by an FTC administrative judge. The evidentiary hearing was slated to consider such issues as whether the FTC should move forward with an enforcement order against LabMD related to the lab's data security practices.
The judge ruled that the House Committee on Oversight has until Oct. 1 to decide whether to grant immunity to a witness, a former Tiversa employee, in the FTC case against LabMD (see Examining FTC Data Security Enforcement). If the committee does not grant the witness immunity, LabMD can file a request with the FTC administrative court requiring the Tiversa witness to testify and granting immunity.
The legal dispute centers on a complaint filed by the FTC against LabMD last August, alleging the Atlanta-based lab firm failed to protect consumer health data in two separate incidents. FTC alleges the incidents - including the one supposedly discovered by Tiversa - collectively exposed the personal information of approximately 10,000 consumers. Daugherty has argued that the FTC is overstepping its authority in the investigation.
The commission had proposed an order against LabMD that would "require the company to implement a comprehensive information security program, and have that program evaluated every two years by an independent, certified security professional for the next 20 years."
LabMD shut down its operations earlier this year, citing the ongoing battle with FTC and the resources the legal fight required.