Government contractor fined $307K after third-party hack compromised personal data
By 
Aaron Nicodemus2024-10-16T15:34:00
It was a double whammy of cybersecurity no-nos for a federal contractor hit with a data breach: The personal data of Medicare beneficiaries contained in unencrypted screenshots were allegedly compromised when their third-party vendor’s server was hacked.
Virginia-based ASRC Federal Data Solutions (AFDS) agreed to pay nearly $307,000 to the Department of Justice to settle a False Claims Act (FCA) violation related to the breach, the DOJ said in a press release Wednesday. The company also agreed to waive more than $877,000 in costs it incurred notifying beneficiaries and providing credit monitoring.
The DOJ alleged that the storing of screenshots on the third-party vendor’s server violated cybersecurity requirements of the company’s contract with the Centers for Medicare and Medicaid Services (CMS), and that AFDS “knowingly billed CMS in violation of these requirements.”
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefDOJ fines MORSE Corp $4.6M for lax cyber controls amid crack down on federal contractors
Yet another government contractor has been slapped with a fine by the Department of Justice for applying lax cybersecurity defenses on sensitive government data.
-
News BriefDOJ orders Lockheed Martin to pay $30M over defective pricing on F-35 contracts
The Department of Justice announced it reached a settlement with Lockheed Martin stemming from allegations of “defective pricing on contracts for F-35 military aircraft.” The deal comes days after Attorney General Pam Bondi was confirmed by the Senate, which will shift the DOJ’s focus away from white-collar misconduct.
-
News BriefAmerican Water Works discloses probe into cybersecurity breach
American Water Works Company, which supplies drinking water and wastewater to 14 million customers, disclosed a breach of its computer networks and system due to a cybersecurity incident.
More from Regulatory Enforcement
-
News BriefSEC drops Morgan Stanley cash sweep case: Sign of the times?
A decision by the Securities and Exchange Commission to close an investigation into the cash sweep program at Morgan Stanley may affect decision-making at other financial institutions under similar scrutiny.
-
News BriefBuy now, pay later firms catch a break as CFPB backs off enforcement
The U.S. Consumer Financial Protection Bureau (CFPB) signaled a softer regulatory approach last month, easing its investigation of financial firms following the U.S. government’s broader efforts under President Donald Trump to scale back regulatory enforcement on businesses. The agency reaffirmed this pivot as it will ease scrutiny of “Buy Now, ...
-
News BriefUBS to pay $511 million fine over Credit Suisse tax case, exposing compliance gaps
A significant settlement in a U.S. tax fraud case against Credit Suisse contains numerous compliance lessons related to beneficial ownership and due diligence in mergers and acquisitions.