FTC Gives Final Approval to Settlement with Emergency Travel Services Provider Related to Allegations It Failed to Secure Sensitive Data
The Federal Trade Commission finalized a settlement with a Nevada-based company that provides travel emergency services over allegations it failed to take reasonable steps to secure sensitive consumer information such as health records.
In a complaint first announced by the FTC on December 16, 2020, the agency alleged that SkyMed International, Inc. failed to employ reasonable measures to secure the personal information it collected from people who had signed up for its travel emergency membership plan, and as a result, the company left unsecured a cloud database containing 130,000 membership records. The unsecured database contained members’ personal information stored in plain text such as names, dates of birth, home addresses, health information, and membership account numbers, according to the complaint.
The FTC also alleged that SkyMed deceived consumers by displaying a “HIPAA Compliance” seal on every page of its website, which gave the false impression that its privacy policies had been reviewed and met the security and privacy requirements of the Health Insurance Portability and Accountability Act (HIPAA).
Under the settlement, SkyMed must send a notice to affected consumers detailing the information exposed by the data breach. The company must also implement a comprehensive information security program and obtain biennial assessments of this program by a third party. The settlement also prohibits SkyMed from misrepresenting how it secures personal data, the circumstances of and response to a data breach, and whether the company has been endorsed by or participates in any government-sponsored privacy or security program.
After receiving no comments, the FTC voted 5-0 to finalize the settlement with SkyMed.
The Federal Trade Commission works to promote competition and to protect and educate consumers. You can learn more about consumer topics and report scams, fraud, and bad business practices online at ReportFraud.ftc.gov. Like the FTC on Facebook, follow us on Twitter, get consumer alerts, read our blogs, and subscribe to press releases for the latest FTC news and resources.