Dec 132013
 

A PHIprivacy.net commentary.

In another post this morning, I described a very worrisome breach involving Lanap & Dental Implants of Pennsylvania.

Our awareness of that breach is due to Justin Shafer’s persistent efforts to shine some light on it.  He responsibly contacted the dental practice over a year ago to alert them when he discovered their patient data online, and he responsibly did not post any of the identifiable patient information. And when he became aware that thousands of patients had seemingly not been notified about the breach, he reached out to the media to help make more people aware of it so they could protect themselves.

He deserves appreciation for his efforts, but so far, all he seems to have gotten is a CEASE AND DESIST letter from the dental practice’s lawyer, Scott McIntosh.

If I understand the C&D correctly, Mr. McIntosh is demanding that Mr. Shafer never mention the dental practice, its doctors, or the breach ever again and they are seeking criminal prosecution of him in two states.

Hopefully, Mr. Shafer will recognize the letter for what it is – a shameless attempt to intimidate him and chill speech that is protected under the First Amendment.  I hope  some lawyer who actually has expertise in the First Amendment will help Mr. Shafer respond to the ridiculous threat.

It is neither helpful nor  appropriate to threaten people with lawsuits for trying to raise public awareness on issues of public concern such as a serious  breach.

No, it will not do at all, and I hope both HHS and the FTC take note that the dental practice appears to be trying to intimidate Mr. Shafer into remaining silent about a very serious breach.

Update: See comment below for link to CEASE and DESIST letter.

  One Response to “Commentary: Shooting the Messenger is Not an Effective Incident Response Strategy (updated)”

  1. The CEASE AND DESIST letter can now be viewed here.

Sorry, the comment form is closed at this time.