Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity NewsGovernment: Federal, State and Local

Health tracking app charged by FTC for sharing sensitive information

By Security Staff
hand holding smartphone

Image via Unsplash

June 2, 2023

Fertility app Premom has been charged by the Federal Trade Commission (FTC) for sharing users' sensitive information with third parties, and sharing sensitive health data to Google. According to the FTC, this is in violation of the Health Breach Notification Rule (HBNR). This is the FTC’s second enforcement action involving the Health Breach Notification Rule following a settlement announced in February with telehealth and prescription drug discount provider GoodRx Holdings Inc.

As part of a proposed order filed by the Department of Justice on behalf of the FTC, Illinois-based Easy Healthcare Corporation, which operates the Premom app, would be barred from sharing users’ personal health data with third parties for advertising, required to obtain users’ consent before sharing health data for any other purpose and must tell consumers how their personal data will be used. The proposed order must be approved by the federal court to go into effect.

The Premom app helps users track ovulation, periods and other health information, and also sells ovulation test kits. The app encourages users to provide information about their menstrual cycles, fertility and pregnancy as well as to import their data from other apps such as Apple Health.

In a complaint also filed by the Department of Justice, the FTC says that Easy Healthcare repeatedly and deceptively promised users in its privacy policies that it would not share their health information with third parties without users’ consent and that any data it did collect was non-identifiable and only used for its own analytics or advertising. Easy Healthcare failed to take reasonable measures to address the privacy and data security risks created by its use of third-party automated tracking tools known as software development kits (SDKs) and shared health information for advertising purposes without obtaining consumers’ affirmative express consent, according to the FTC.

Premom failed to fully disclose its data sharing practices, and also violated direct promises to users, the FTC says. The data it shared with third parties revealed highly sensitive and private details about Premom’s users and led to the unauthorized disclosure of facts about an individual user’s sexual and reproductive health, parental and pregnancy status as well as other information about physical health conditions and status.

The FTC says Premom deceived users by disclosing such sensitive and identifiable health information to marketing firm AppsFlyer and Google through the integration of each company’s SDK. An SDK tracks a user’s interactions with an app and other identifiable information and shares that data with third parties.

Premom’s failure to notify users about the company’s unauthorized disclosure of their unsecured individually identifiable health information to third parties violated the FTC’s HBNR, according to the complaint. The rule requires a vendor of personal health records to notify users, the FTC and in some cases the media, when there has been an unauthorized acquisition of unsecured individually identifiable health information.

The FTC also says Premom integrated SDKs from other third parties into the Premom app including from app analytics provider Umeng and analytics provider Jiguang and shared sensitive user data. This included Premom users’ social media account information and precise geolocation information, as well as data about their mobile devices and Wi-Fi network identifiers, which cannot be changed without buying a new device. These non-resettable identifiers can be used to identify individuals, according to the complaint.

In addition to sharing data without user consent, Premom failed to encrypt adequately the data it shared with third parties, including those in China, subjecting this data to potential interception or seizure, and did not limit how third parties could use the data, according to the complaint.

As part of the proposed order, Easy Healthcare will pay a $100,000 civil penalty for violating the HBNR and will also be:

  • Permanently prohibited from sharing user personal health data with third parties for advertising.
  • Required to obtain user consent before sharing personal health data with third parties for other purposes.
  • Required to retain users’ personal information for only as long as necessary to fulfill the purpose for which it was collected.
  • Prohibited from making future misrepresentations about Easy Healthcare’s privacy practices and required to comply with the HBNR notification requirements for any future breach of security.
  • Required to seek deletion of data it shared with third parties.
  • Required to send and post a consumer notice explaining the FTC’s allegations and the settlement.
  • Required to implement comprehensive security and privacy programs that include strong safeguards to protect consumer data.

As part of a related action, Easy Healthcare also has agreed to pay a total of $100,000 to Connecticut, the District of Columbia and Oregon, which worked with the FTC on this matter, for violating their respective laws.

KEYWORDS: application security data privacy FTC health security personal health information security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Fountain pen

Trump Administration Executive Order Changes Cybersecurity Policy

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • federal trade commission

    FTC bars GoodRx from sharing consumer information for advertising

    See More
  • someone using a phone and laptop at same time

    FTC orders BetterHelp to end use of health information for advertising

    See More
  • desk with laptop, notepad and headphones

    FTC warns against online tracking technology for healthcare providers

    See More

Related Products

See More Products
  • Security of Information and Communication Networks

  • Physical-Security-and-Safet.gif

    Physical Security and Safety: A Field Guide for the Practitioner

  • 150 things.jpg

    The Handbook for School Safety and Security

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing