The Federal Trade Commission finalized a settlement with a Nevada-based company that provides travel emergency services over allegations it failed to take reasonable steps to secure sensitive consumer information such as health records.
In a complaint first announced by the FTC on December 16, 2020, the agency alleged that SkyMed International, Inc. failed to employ reasonable measures to secure the personal information it collected from people who had signed up for its travel emergency membership plan, and as a result, the company left unsecured a cloud database containing 130,000 membership records. The unsecured database contained members’ personal information stored in plain text such as names, dates of birth, home addresses, health information, and membership account numbers, according to the complaint.
The FTC also alleged that SkyMed deceived consumers by displaying a “HIPAA Compliance” seal on every page of its website, which gave the false impression that its privacy policies had been reviewed and met the security and privacy requirements of the Health Insurance Portability and Accountability Act (HIPAA).
Under the settlement, SkyMed must send a notice to affected consumers detailing the information exposed by the data breach. The company must also implement a comprehensive information security program and obtain biennial assessments of this program by a third party. The settlement also prohibits SkyMed from misrepresenting how it secures personal data, the circumstances of and response to a data breach, and whether the company has been endorsed by or participates in any government-sponsored privacy or security program.
After receiving no comments, the FTC voted 5-0 to finalize the settlement with SkyMed.
The Federal Trade Commission works to promote competition and protect and educate consumers. Learn more about consumer topics at consumer.ftc.gov, or report fraud, scams, and bad business practices at ReportFraud.ftc.gov. Follow the FTC on social media, read consumer alerts and the business blog, and sign up to get the latest FTC news and alerts.