News & Insights  |  Media Mentions

Related Professionals

Practice Areas


Patricia O'Connell
Senior Communications Manager

Kirk Nahra Comments on FTC Cybersecurity Case Against LabMD

Healthcare Info Security
October 13, 2016

Kirk J. Nahra, chair of Wiley Rein’s Privacy Practice and co-chair of the Health Care Practice, was quoted in an October 11 Healthcare Info Security article regarding congressional interest in the FTC’s case against medical testing company LabMD. Two Senate subcommittee chairmen recently requested information from FTC chairwoman Edith Ramirez over the merits of the FTC’s case, specifically raising concerns over whether LabMD was afforded due process.  At stake is whether the FTC overreached in its authority by claiming that LabMD’s failure to secure sensitive patient data could cause potential harm to consumers – an act that the agency feels violated Section 5 of the FTC Act.  The case was initially dismissed by an FTC judge before being reversed and LabMD is now considering an appeal in federal court.

“I continue to believe that this LabMD case is essentially one-of-a-kind, given the relatively crazy twists and turns it has taken,” Mr. Nahra said. “I doubt the appeals court will stay the order only because it is generally hard to get an appeals court to stay an order. I also doubt that this case will have much overall impact on the FTC, until the time - if at all - that they get struck down on their approach.”

The case has also raised questions about whether the FTC should be providing more information to the private sector about cybersecurity standards.  “The FTC, over time, has given a good amount of guidance, and generally has tried reasonably hard to convey to all kinds of businesses - small and large - what they should be doing in this area,” added Mr. Nahra.  “The question of whether they should have their enforcement authority on these points without a specific regulation is a different issue.”

To read the full article, please click here