- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Aaron Nicodemus2024-10-16T15:34:00
It was a double whammy of cybersecurity no-nos for a federal contractor hit with a data breach: The personal data of Medicare beneficiaries contained in unencrypted screenshots were allegedly compromised when their third-party vendor’s server was hacked.
Virginia-based ASRC Federal Data Solutions (AFDS) agreed to pay nearly $307,000 to the Department of Justice to settle a False Claims Act (FCA) violation related to the breach, the DOJ said in a press release Wednesday. The company also agreed to waive more than $877,000 in costs it incurred notifying beneficiaries and providing credit monitoring.
The DOJ alleged that the storing of screenshots on the third-party vendor’s server violated cybersecurity requirements of the company’s contract with the Centers for Medicare and Medicaid Services (CMS), and that AFDS “knowingly billed CMS in violation of these requirements.”
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
American Water Works Company, which supplies drinking water and wastewater to 14 million customers, disclosed a breach of its computer networks and system due to a cybersecurity incident.
The Department of Justice joined a whistleblower lawsuit filed by two former Georgia Tech compliance officers who alleged that the institute violated the False Claims Act by knowingly failing to meet cybersecurity requirements in a Department of Defense contract.
Equiniti Trust Company has agreed to pay $850,000 to the Securities and Exchange Commission to settle allegations that its failed security measures allowed millions in client funds to be stolen in two cyber incidents.
Becton Dickinson medical device company will pay $175 million for “repeatedly” misleading investors about its Alaris infusion pump, a product the company knew was flawed and was sold without the required patient-safety approvals, the Securities and Exchange Commission said.
The Securities and Exchange Commission charged bankrupt fashion retailer Express with failing to disclose nearly $1 million in perks to a former chief executive, but did not levy a financial penalty thanks to its cooperation, the SEC said.
A Minnesota transportation company agreed to pay nearly $258,000 to settle allegations that a subsidiaries violated sanctions against Cuba and Iran more than 80 times, the U.S. Treasury Department’s Office of Foreign Assets Control said.
