The FTC has finalized a settlement with SkyMed International, a Nevada-based company that provides travel emergency services. The FTC first announced the complaint against SkyMed International on December 16, 2020, which alleged that it failed to employ reasonable measures to secure personal information collected from customers, including health information. The complaint further alleged that that SkyMed deceptively displayed a “HIPAA Compliance” seal on every page of its website, giving a false impression that its privacy policies had been reviewed and met the security and privacy requirements of HIPAA. The settlement with SkyMed International: (1) requires it to “send a notice to affected consumers detailing the information exposed by the data breach”; (2) requires it to “implement a comprehensive information security program and obtain biennial assessments of this program by a third party”; and (3) prohibits it “from misrepresenting how it secures personal data, the circumstances of and response to a data breach, and whether the company has been endorsed by or participates in any government-sponsored privacy or security program.” The FTC voted 5-0 to finalize the settlement with SkyMed International.