Jacqueline Stokes spotted the home paternity test at her local drugstore in Florida and knew she had to try it. She had no doubts for her own family, but as a cybersecurity consultant with an interest in genetics, she couldn't resist the latest advance.
At home, she carefully followed the instructions, swabbing inside the mouths of her husband and her daughter, placing the samples in the pouch provided and mailing them to a lab.
Days later, Stokes went online to get the results. Part of the lab's Web site address caught her attention, and her professional instincts kicked in. By tweaking the URL slightly, a sprawling directory appeared that gave her access to the test results of some 6,000 other people.
The site was taken down after Stokes complained on Twitter. But when she contacted the Department of Health and Human Services about the seemingly obvious violation of patient privacy, she got a surprising response: Officials couldn't do anything about the breach.