Cybersecurity Firm Accused of PHI Theft and Mafia Style Extortion

According a recent report on CNN, cybersecurity firm Tiversa has been staging break-ins, stealing PHI and extorting its clients in an attempt to get them to pay for additional services provided by the firm. An accusation firmly denied by Tiversa.

The story of Tiversa is likely to become well known over the coming weeks, as a whistle-blower has come forward with tales of extortion, theft, scare tactics and fraud closer to what would be expected of the mafia, not a cybersecurity company.

The company may not be particularly well known, but some of its board members are. According to the CNN report, “board members include several highly-decorated experts in the security and privacy fields, including the retired four-star U.S. Army General Wesley K. Clark (formerly NATO’s Supreme Allied Commander in Europe) and Larry Ponemon (founder of the Ponemon Institute, a pro-privacy think tank).”

Whistle-Blower Reveals Details of Mafia-Style Extortion

An ex-employee of the company, Richard Wallace, has testified in a Washington D.C court claiming, as one of the company’s former investigators, he was instructed to knock down clients to drum up business. The company would hack into their client’s computer systems and stage cybersecurity attacks.

The extent of the fraud, its complexity and its effect is startling. It is alleged that the company CEO, Bob Bobak would issue instructions to staff to look for IP addresses of known identity thieves, taking advantage of contacts in law enforcement. Those IP addresses would be used to indicate the threat level, with the company allegedly saying that these individuals were targeting their clients’ systems.

The healthcare industry had at least one victim, probably a great deal more, should the allegations prove to be correct. The company has assisted the FTC with more than 100 data leak investigations.

Devastating Consequences for Extortion Victim

LabMD, an Atlanta-based cancer testing center, was targeted by Tiversa. Wallace claims he was required to break into the firm’s computer system to steal medical records.

LabMD was then told of the break in and offered services to help deal with the breach and mitigate damage, what it called “incident response services”. When LabMD refused to pay for the additional services, the company was threatened and the data was uploaded to a P2P file sharing website. Tiversa employees told LabMD staff that if they did not pay, the company would be forced to report LabMD and the breach to the Federal Trade Commission.

These were not idle threats. LabMD continued to refuse and Tiversa reported the data breach, which triggered an FTC investigation. The matter is now being dealt with by the courts. It has been a long battle, and not without considerable financial cost. So much so that the company has been ruined and has had to lay off all of its 40 staff.

According to a statement published on Inquisitr, Michael Daugherty, CEO of LabMD said:

“We were a small company. It’s not like we had millions of dollars to fight this and tons of employees. The fight with the government was psychological warfare. There was reputation assassination. There was intimidation. We thought we were extorted. My staff and management team was demoralized. My VP left. My lawyer left.”

The company was allegedly offered the opportunity to go to court – and cover huge legal costs – or take a plea deal and have to deal with mountains of paperwork. Court action was chosen.

Bob Bobak has responded to the claims saying “this is an overblown case of a terminated employee seeking revenge.”

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.