- Topics
- Regions
- Events
- Webcasts
- Resources
- CW Exclusives
- Membership
“For tracking litigation, enforcement, and regulatory developments, Compliance Week
should be your prime source.”- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
Government contractor fined $307K after third-party hack compromised personal data
By 
Aaron Nicodemus2024-10-16T15:34:00
It was a double whammy of cybersecurity no-nos for a federal contractor hit with a data breach: The personal data of Medicare beneficiaries contained in unencrypted screenshots were allegedly compromised when their third-party vendor’s server was hacked.
Virginia-based ASRC Federal Data Solutions (AFDS) agreed to pay nearly $307,000 to the Department of Justice to settle a False Claims Act (FCA) violation related to the breach, the DOJ said in a press release Wednesday. The company also agreed to waive more than $877,000 in costs it incurred notifying beneficiaries and providing credit monitoring.
The DOJ alleged that the storing of screenshots on the third-party vendor’s server violated cybersecurity requirements of the company’s contract with the Centers for Medicare and Medicaid Services (CMS), and that AFDS “knowingly billed CMS in violation of these requirements.”
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefAmerican Water Works discloses probe into cybersecurity breach
American Water Works Company, which supplies drinking water and wastewater to 14 million customers, disclosed a breach of its computer networks and system due to a cybersecurity incident.
-
News BriefDOJ joins compliance officers in lawsuit over Georgia Tech cyber lapses
The Department of Justice joined a whistleblower lawsuit filed by two former Georgia Tech compliance officers who alleged that the institute violated the False Claims Act by knowingly failing to meet cybersecurity requirements in a Department of Defense contract.
-
News BriefSEC orders Equiniti to pay $850K over alleged lax cybersecurity
Equiniti Trust Company has agreed to pay $850,000 to the Securities and Exchange Commission to settle allegations that its failed security measures allowed millions in client funds to be stolen in two cyber incidents.
More from Regulatory Enforcement
-
News BriefFTC sues GM for selling location and behavioral data without drivers' consent
General Motors failed to disclose to customers that it tracked their precise locations and driving behavior and sold the data to third parties, the Federal Trade Commission alleged in a proposed order.
-
News BriefCash App owner Block to pay $175M over fraud caused by lax consumer protection practices
Block, the owner of Cash App and Square, will pay $175 million to settle allegations that its lax consumer protection practices put customers at high risk of fraud, the Consumer Financial Protection Bureau said.
-
News BriefFTC orders Mobilewalla, Gravy Analytics to stop collecting geolocation data without permission
Two large data brokers, Mobilewalla and Gravy Analytics, collected billions of records containing sensitive geolocation and personal data of millions of people, and then sold it without their consent, the Federal Trade Commission said.