The Tale of LabMD: New Lawsuits Charge Ethics Violations and Fake Data Breaches

Christina Seda-Acosta
Patterson Belknap Webb & Tyler LLP
Contact
LinkedIn
Facebook
X
Send
Embed

The LabMD data security case is anything but dull.  An 8-year (and counting) fight with the U.S. Federal Trade Commission, a U.S. House of Representatives Oversight and Government Reform Committee investigation into allegations of government overreach and collusion, a key witness granted governmental immunity and multiple related civil lawsuits scattered around the country.

And last week, LabMD – the target of an FTC data security enforcement action – sued a prominent former federal prosecutor over charges of ethics violations and unsealed its False Claims Act lawsuit against a cybersecurity firm, accusing it of falsifying data breaches as a way of landing new business.

Over the weekend, LabMD filed a federal lawsuit against the former U.S. Attorney for the Western District of Pennsylvania for alleged violations of the Ethics in Government Act.  The 27-page complaint, filed in Manhattan, accuses Mary Beth Buchanan, now in private practice, of participating in the LabMD enforcement action as counsel to a whistleblower, Richard E. Wallace, even though – the complaint charges – she participated “personally and substantially” in the case while the U.S. Attorney.

The complaint alleges that, while the top federal prosecutor in Pittsburgh, Buchanan authorized the FBI “to install a dedicated DSL line in Wallace’s home office … to access and use FBI proprietary surveillance software and equipment to search and seize evidence from the computers of child pornographers.”  LabMD claims that “Wallace used the FBI surveillance software … authorized by Buchanan …. to search for, access and download from a LabMD billing computer … a 1,718-page LabMD file containing confidential health information.”  That file is the basis of the FTC’s data security enforcement action against LabMD.  Wallace was then the director of special operations for Tiversa Inc., a cybersecurity forensics firm.

The LabMD complaint further alleges that Buchanan was eventually retained by Wallace to represent him in the FTC action and the former U.S. attorney and her firm “direct[ed] Wallace not to testify about his prior work with Buchanan, and in particular, not to disclose his use of the FBI surveillance software and equipment authorized by Buchanan to hack into and take from a computer … a [LabMD] file containing confidential information on over 9,000 patients.”

The Ethics in Government Act – passed after the Watergate scandal – places restrictions on former government officials and either prohibits or restricts their participation in matters in which they were involved while in the government.

The LabMD case dates back to 2010 when the Commission began investigating the Atlanta-based cancer detection lab’s data security practices.  After years of back-and-forth, an administrative law judge eventually tossed out the FTC’s case.  The Commission reversed and reinstated the case.  LabMD appealed to the U.S. Court of Appeals for the Eleventh Circuit.  The matter was argued last year and a decision is expected soon.  We have covered the LabMD case extensively on this blog.

Earlier last week, LabMD’s False Claims Act lawsuit against cybersecurity firm Tiversa was unsealed in New York federal court.  The complaint accuses Tiversa of faking data breaches to lure in new clients including the U.S. government.  Tiversa engaged in a scheme to defraud the United States Government out of “millions of dollars” by “fabricat[ing]” cybersecurity breaches in order to obtain lucrative federal contracts, according to the suit.

The complaint alleges that Tiversa searched “peer-to-peer” computer networks to locate and seize sensitive information from the federal government and used that information to falsely represent that there was a security breach when, in fact, it was easily remedied by removing the software from the infected computer.  To incite urgency, Tiversa allegedly identified IP addresses of known criminals or locations where it would be perceived as problematic for the information to be found, and falsely claimed that it had found copies of the identified files at those addresses as well.  According to the complaint, once Tiversa successfully induced the government entity into a contract, it continued to falsify alarming breaches in order to maintain the business relationship.

LabMD further contends that Tiversa employed the scheme on “public and private entities” nationwide, including the Department of Homeland Security, the Department of Defense and the Department of Education, to name only a few.

“It is a classic protection racket, updated for the digital age,” charges LabMD.

As always, we’ll continue to report on the LabMD case.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Patterson Belknap Webb & Tyler LLP | Attorney Advertising

Written by:

Patterson Belknap Webb & Tyler LLP
Patterson Belknap Webb & Tyler LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Patterson Belknap Webb & Tyler LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide