Government contractor fined $307K after third-party hack compromised personal data
By 
Aaron Nicodemus2024-10-16T15:34:00
It was a double whammy of cybersecurity no-nos for a federal contractor hit with a data breach: The personal data of Medicare beneficiaries contained in unencrypted screenshots were allegedly compromised when their third-party vendor’s server was hacked.
Virginia-based ASRC Federal Data Solutions (AFDS) agreed to pay nearly $307,000 to the Department of Justice to settle a False Claims Act (FCA) violation related to the breach, the DOJ said in a press release Wednesday. The company also agreed to waive more than $877,000 in costs it incurred notifying beneficiaries and providing credit monitoring.
The DOJ alleged that the storing of screenshots on the third-party vendor’s server violated cybersecurity requirements of the company’s contract with the Centers for Medicare and Medicaid Services (CMS), and that AFDS “knowingly billed CMS in violation of these requirements.”
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefDOJ fines MORSE Corp $4.6M for lax cyber controls amid crack down on federal contractors
Yet another government contractor has been slapped with a fine by the Department of Justice for applying lax cybersecurity defenses on sensitive government data.
-
News BriefDOJ orders Lockheed Martin to pay $30M over defective pricing on F-35 contracts
The Department of Justice announced it reached a settlement with Lockheed Martin stemming from allegations of “defective pricing on contracts for F-35 military aircraft.” The deal comes days after Attorney General Pam Bondi was confirmed by the Senate, which will shift the DOJ’s focus away from white-collar misconduct.
-
News BriefAmerican Water Works discloses probe into cybersecurity breach
American Water Works Company, which supplies drinking water and wastewater to 14 million customers, disclosed a breach of its computer networks and system due to a cybersecurity incident.
More from Regulatory Enforcement
-
News BriefFRC fines PwC, auditor combined $4.1M over 2019 work of Wyelands Bank
The U.K. Financial Reporting Council issued penalties against PwC and a former auditor over deficiencies on work related to the 2019 financial statements of now shuttered Wyelands Bank.
-
News BriefEU regulator questions 'culture of compliance' with Digital Markets Act at Apple, Google
The European Commission released its preliminary findings last week regarding Apple and Google not complying with the Digital Markets Act. It issued orders to both companies regarding their business practice and plans to release all of its findings next week.
-
News BriefTreasury reversal of OFAC sanctions against Tornado Cash signals eroding AML scrutiny
The U.S. Treasury Department lifted its sanctions against cryptocurrency mixer Tornado Cash on Friday after a federal appeals court ruled in November the penalty levied by the agency’s Office of Foreign Assets Control was an overreach.