Contractor pays $300K to settle Medicare data breach • The Register

<!doctype html> <html lang="en"> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <title>Contractor pays $300K to settle Medicare data breach • The Register</title> <meta name="robots" content="max-snippet:-1, max-image-preview:standard, max-video-preview:0"> <meta name="viewport" content="initial-scale=1.0, width=device-width"/> <meta property="og:image" content="https://regmedia.co.uk/2024/10/17/shutterstock_medicare_feelgoodiam.jpg"/> <meta property="og:type" content="article" /> <meta property="og:url" content="https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/" /> <meta property="og:title" content="Contractor pays $300K to settle Medicare data breach" /> <meta property="og:description" content="Resolves allegations it improperly stored screenshots containing PII that were later snaffled" /> <meta name="twitter:card" content="summary_large_image"> <meta name="twitter:site" content="@TheRegister"> <script type="application/ld+json"> { "@context":"http://schema.org", "@type":"NewsArticle", "mainEntityOfPage":{"@type":"WebPage","@id":"https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/"}, "headline":"US contractor pays $300K to settle accusation it didn't properly look after Medicare users' data", "datePublished":"2024-10-16T23:15:11Z", "dateModified":"2024-10-17T07:49:19Z", "image":{"@type":"ImageObject","url":"https://regmedia.co.uk/2024/10/17/shutterstock_medicare_feelgoodiam.jpg","width":"1000","height":"750"}, "author":{"@type":"Person","name":"Connor Jones"}, "publisher":{"@type":"Organization","name":"The Register","url":"https://www.theregister.com/","logo":{"@type":"ImageObject","url":"https://www.theregister.com/design_picker/1fea2ae01c5036112a295123c3cc9c56eb28836a/graphics/std/red_logo_sans_strapline.png","width":330,"height":55}} } </script> <script> var RegZoot = { }; var RegCC = [ ]; var RegPageType = 'Story'; var RegTruePageType = 'www story'; </script> <link rel="canonical" href="https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/"> <link rel="amphtml" href="https://www.theregister.com/AMP/2024/10/16/us_contractor_pays_300k_in/"> <script src="/Design/javascript/html5shiv.min.js"></script> <script> // IE8 only polyfilly for eventListener // source: https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/addEventListener#Compatibility !function(){if(Event.prototype.preventDefault||(Event.prototype.preventDefault=function(){this.returnValue=!1}),Event.prototype.stopPropagation||(Event.prototype.stopPropagation=function(){this.cancelBubble=!0}),!Element.prototype.addEventListener){var e=[],t=function(t,n){var o=this,r=function(e){e.target=e.srcElement,e.currentTarget=o,void 0!==n.handleEvent?n.handleEvent(e):n.call(o,e)};if("DOMContentLoaded"==t){var a=function(e){"complete"==document.readyState&&r(e)};if(document.attachEvent("onreadystatechange",a),e.push({object:this,type:t,listener:n,wrapper:a}),"complete"==document.readyState){var p=new Event;p.srcElement=window,a(p)}}else this.attachEvent("on"+t,r),e.push({object:this,type:t,listener:n,wrapper:r})},n=function(t,n){for(var o=0;o<e.length;){var r=e[o];if(r.object==this&&r.type==t&&r.listener==n){"DOMContentLoaded"==t?this.detachEvent("onreadystatechange",r.wrapper):this.detachEvent("on"+t,r.wrapper),e.splice(o,1);break}++o}};Element.prototype.addEventListener=t,Element.prototype.removeEventListener=n,HTMLDocument&&(HTMLDocument.prototype.addEventListener=t,HTMLDocument.prototype.removeEventListener=n),Window&&(Window.prototype.addEventListener=t,Window.prototype.removeEventListener=n)}}(); document.attachEvent("onreadystatechange", function() { if (document.readyState === "complete") { // list of icons we want <= IE8 to replace with their png equivalents var svg_icons_png_equiv = [ // masthead icons (twitter + facebook are also shared for footer): 'reg_logo.svg', 'twitter.svg', 'facebook.svg', 'linkedin.svg', // navigation bar icons: 'vulture.svg', 'vulture_white.svg', 'search.svg', 'search_white.svg', // footer icons: 'sitpub_footer.svg', 'linkedin_white.svg', 'rss.svg', // lectures section icons: 'reglecture_logo.svg', // story template icons: 'reddit.svg', 'linkedin_alt.svg', 'linkedin.svg', 'calendar.svg', 'location.svg', 'rect_comment_bubble_white.svg', 'rect_comment_bubble_black.svg', 'envelope.svg', 'polls_unit_arrow.svg' ]; for (i = 0; i <= svg_icons_png_equiv.length - 1; i++) { var svg_icon = svg_icons_png_equiv[i]; var img_svg_icons = $('img[src$="' + svg_icon + '"]'); img_svg_icons.each(function() { $(this).attr('src', $(this).attr('src').replace('.svg','.png')); }); } var ad_params = { src: 'https://regmedia.co.uk/2018/06/15/gg2b_book.png', href: 'https://forms.theregister.com/gg2b/?td=iaomwtkie78' }; bird_alternative('ad_wp_top', ad_params); } }); </script> <script> var RegArticle={id:236786,pf:0,af:0,bms:0,sec:'special_features/cybersecurity_month',cat:'update_me',ec:[],kw:[["cybercrime",'Cybercrime'],["cybersecurity",'Cybersecurity'],["data breach",'Data Breach'],["healthcare",'Healthcare'],["united states department of justice",'United States Department of Justice']],kwp:[["federal government of the united states",'Federal government of the United States'],["security",'Security']],short_url:'https://reg.cx/4eJ7',cp:0,noads:[],author:'Connor Jones'} </script> <link rel=stylesheet type="text/css" href="/css/cc505d8a9c7d5b65e77b9b6817007a0c7ceb9cec/scaffolding.css"> <link rel=stylesheet type="text/css" href="/css/cc505d8a9c7d5b65e77b9b6817007a0c7ceb9cec/design.css"> <style> #nav-special_features, #nav-special_features-cybersecurity_month { text-decoration: underline !important; } </style> <link rel='stylesheet' type='text/css' href='/css/cc505d8a9c7d5b65e77b9b6817007a0c7ceb9cec/story_only.css'> <link rel=stylesheet type="text/css" href="/css/cc505d8a9c7d5b65e77b9b6817007a0c7ceb9cec/rows_basic.css"> <link rel=alternate type="application/atom+xml" href="/headlines.atom" title="The Register: whole site"> <link rel=alternate type="application/atom+xml" href="/special_features/cybersecurity_month/headlines.atom" title="The Register: Cybersecurity Month section"> <script> var RegCR = false; </script> <script src="/design_picker/a0537627bb0ac577f9f5bb693a9d746f2d612798/javascript/_.js"></script> <script> RegGPT('reg_specialfeatures/cybersecuritymonth','0df13fad2ea597c71ae99fa84c3f976d','0df13fad2ea597c71ae99fa84c3f976d'); </script> <script async src="https://www.googletagmanager.com/gtag/js"></script> <link rel=search href="https://search.theregister.com/"> <link rel=search type="application/opensearchdescription+xml" title="El Reg Search" href="/Design/page/search.osd"> <link rel="icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/favicon.ico" sizes="any"> <link rel="icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/favicon.svg" type="image/svg+xml"> <link rel="apple-touch-icon" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/apple-touch-icon.png"> <link rel="manifest" href="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/site.webmanifest"> <meta name="msapplication-TileColor" content="#ff0000"> <meta name="msapplication-config" content="/design_picker/13249a2e80709c7ff2e57dd3d49801cd534f2094/graphics/favicons/browserconfig.xml"> <meta name="theme-color" content="#ff0000"> <script src="/Design/javascript/respond.min.js"></script> </head> <body class="fullwidth" data-pagetype='Story' data-iebrowser='7' data-pagenum="0"> <div id="page"> <div data-oop="1" data-pos="top" data-raptor="kite" aria-hidden="true" class="adun"></div> <div id="masthead"> <div class="los_amigos"> <div class="left_nav"> <a id="mob_user_link" href="https://account.theregister.com/register/" aria-label="Your Account"> <img class="account_icon" width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_extents_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_extents.svg" alt=""> <img class="filled_icon" width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_white_filled_extents_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/user_icon_filled_white_extents.svg" alt=""> <span id="mob_user_text"><span>Sign in / up</span></span> </a> </div> <div class="center_nav"> <a href="https://www.theregister.com/" class="logo"> <span class="visually_hidden">The Register</span> </a> </div> <div class="right_nav"> <a href="https://search.theregister.com/" class="nav_search topnav_elem" data-name="Search" aria-label="Search"> <img width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/magnifying_glass_white_extents_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/std/magnifying_glass_white_extents.svg" alt=""> </a> <div id="site_nav_mobile"> <noscript><div id="site_nav_mobile_hiding_stamp"></div></noscript> <button id="mobile_menu_toggle" aria-label="Open menu" type="button"> <img width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_extents.svg" alt=""> <img width="16" height="16" src="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_close_16x16.png" srcset="/design_picker/ae01b183a707a7db8cd5f2c947715ed56d335138/graphics/icon/burger_menu_white_close_extents.svg" alt=""> </button> </div> </div> </div> <div id="top_panel_wrapper"> <div id="top_panel"> <div class="block_section nav"> <div class="nav_col first_col"> <div class="nav_top_group"> <div class="nav_topics"> <div class="nav_head_bk"> <h2 class="main_head">Topics</h2> </div> <div> <nav> <div class="nav_elem"> <div class="cat_header"> <div id="nav-security"> <a href="#subnav-box-nav-security" data-toggle-for="subnav-box-nav-security" class="topnav_elem mob_only">Security</a> <h2 class="desk_only section_nav-security"> <a href="#subnav-box-nav-security" data-toggle-for="subnav-box-nav-security" class="topnav_elem desk_only">Security</a> </h2> </div> </div><div id="subnav-box-nav-security" class="subnav_box"><a href="https://www.theregister.com/security/" class="subnav_elem" id="nav-security-all"><span class="prefix_all">All </span>Security</a><a href="https://www.theregister.com/security/cyber_crime/" class="subnav_elem" id="nav-security-cyber_crime">Cyber-crime</a><a href="https://www.theregister.com/security/patches/" class="subnav_elem" id="nav-security-patches">Patches</a><a href="https://www.theregister.com/security/research/" class="subnav_elem" id="nav-security-research">Research</a><a href="https://www.theregister.com/security/cso/" class="subnav_elem" id="nav-security-cso">CSO</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-off_prem"> <a href="#subnav-box-nav-off_prem" data-toggle-for="subnav-box-nav-off_prem" class="topnav_elem mob_only">Off-Prem</a> <h2 class="desk_only section_nav-off_prem"> <a href="#subnav-box-nav-off_prem" data-toggle-for="subnav-box-nav-off_prem" class="topnav_elem desk_only">Off-Prem</a> </h2> </div> </div><div id="subnav-box-nav-off_prem" class="subnav_box"><a href="https://www.theregister.com/off_prem/" class="subnav_elem" id="nav-off_prem-all"><span class="prefix_all">All </span>Off-Prem</a><a href="https://www.theregister.com/off_prem/edge_iot/" class="subnav_elem" id="nav-off_prem-edge_iot">Edge + IoT</a><a href="https://www.theregister.com/off_prem/channel/" class="subnav_elem" id="nav-off_prem-channel">Channel</a><a href="https://www.theregister.com/off_prem/paas_iaas/" class="subnav_elem" id="nav-off_prem-paas_iaas">PaaS + IaaS</a><a href="https://www.theregister.com/off_prem/saas/" class="subnav_elem" id="nav-off_prem-saas">SaaS</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-on_prem"> <a href="#subnav-box-nav-on_prem" data-toggle-for="subnav-box-nav-on_prem" class="topnav_elem mob_only">On-Prem</a> <h2 class="desk_only section_nav-on_prem"> <a href="#subnav-box-nav-on_prem" data-toggle-for="subnav-box-nav-on_prem" class="topnav_elem desk_only">On-Prem</a> </h2> </div> </div><div id="subnav-box-nav-on_prem" class="subnav_box"><a href="https://www.theregister.com/on_prem/" class="subnav_elem" id="nav-on_prem-all"><span class="prefix_all">All </span>On-Prem</a><a href="https://www.theregister.com/on_prem/systems/" class="subnav_elem" id="nav-on_prem-systems">Systems</a><a href="https://www.theregister.com/on_prem/storage/" class="subnav_elem" id="nav-on_prem-storage">Storage</a><a href="https://www.theregister.com/on_prem/networks/" class="subnav_elem" id="nav-on_prem-networks">Networks</a><a href="https://www.theregister.com/on_prem/hpc/" class="subnav_elem" id="nav-on_prem-hpc">HPC</a><a href="https://www.theregister.com/on_prem/personal_tech/" class="subnav_elem" id="nav-on_prem-personal_tech">Personal Tech</a><a href="https://www.theregister.com/on_prem/cxo/" class="subnav_elem" id="nav-on_prem-cxo">CxO</a><a href="https://www.theregister.com/on_prem/public_sector/" class="subnav_elem" id="nav-on_prem-public_sector">Public Sector</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-software"> <a href="#subnav-box-nav-software" data-toggle-for="subnav-box-nav-software" class="topnav_elem mob_only">Software</a> <h2 class="desk_only section_nav-software"> <a href="#subnav-box-nav-software" data-toggle-for="subnav-box-nav-software" class="topnav_elem desk_only">Software</a> </h2> </div> </div><div id="subnav-box-nav-software" class="subnav_box"><a href="https://www.theregister.com/software/" class="subnav_elem" id="nav-software-all"><span class="prefix_all">All </span>Software</a><a href="https://www.theregister.com/software/ai_ml/" class="subnav_elem" id="nav-software-ai_ml">AI + ML</a><a href="https://www.theregister.com/software/applications/" class="subnav_elem" id="nav-software-applications">Applications</a><a href="https://www.theregister.com/software/databases/" class="subnav_elem" id="nav-software-databases">Databases</a><a href="https://www.theregister.com/software/devops/" class="subnav_elem" id="nav-software-devops">DevOps</a><a href="https://www.theregister.com/software/oses/" class="subnav_elem" id="nav-software-oses">OSes</a><a href="https://www.theregister.com/software/virtualization/" class="subnav_elem" id="nav-software-virtualization">Virtualization</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div><div class="nav_elem"> <div class="cat_header"> <div id="nav-offbeat"> <a href="#subnav-box-nav-offbeat" data-toggle-for="subnav-box-nav-offbeat" class="topnav_elem mob_only">Offbeat</a> <h2 class="desk_only section_nav-offbeat"> <a href="#subnav-box-nav-offbeat" data-toggle-for="subnav-box-nav-offbeat" class="topnav_elem desk_only">Offbeat</a> </h2> </div> </div><div id="subnav-box-nav-offbeat" class="subnav_box"><a href="https://www.theregister.com/offbeat/" class="subnav_elem" id="nav-offbeat-all"><span class="prefix_all">All </span>Offbeat</a><a href="https://www.theregister.com/Debates/" class="subnav_elem" id="nav-offbeat-debates">Debates</a><a href="https://www.theregister.com/offbeat/columnists/" class="subnav_elem" id="nav-offbeat-columnists">Columnists</a><a href="https://www.theregister.com/offbeat/science/" class="subnav_elem" id="nav-offbeat-science">Science</a><a href="https://www.theregister.com/offbeat/geeks_guide/" class="subnav_elem" id="nav-offbeat-geeks_guide">Geek's Guide</a><a href="https://www.theregister.com/offbeat/bofh/" class="subnav_elem" id="nav-offbeat-bofh">BOFH</a><a href="https://www.theregister.com/offbeat/legal/" class="subnav_elem" id="nav-offbeat-legal">Legal</a><a href="https://www.theregister.com/offbeat/bootnotes/" class="subnav_elem" id="nav-offbeat-bootnotes">Bootnotes</a><a href="https://www.theregister.com/offbeat/site_news/" class="subnav_elem" id="nav-offbeat-site_news">Site News</a><a href="https://www.theregister.com/offbeat/about_us/" class="subnav_elem" id="nav-offbeat-about_us">About Us</a> <noscript><a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a></noscript> </div> </div> </nav> </div> </div> </div> <div class="nav_bottom_group"> <div class="nav_bottom_section nav_special_features"> <div class="nav_head_bk"> <a href="#subnav-box-nav-special_features" data-toggle-for="subnav-box-nav-special_features" id="nav-special_features" class="topnav_elem mob_only">Special Features</a> <h2 class="main_head"> <span class="topnav_elem desk_only">Special Features</span> </h2> </div> <nav> <div class="nav_elem"> <div id="subnav-box-nav-special_features" class="subnav_box"> <a href="https://www.theregister.com/special_features">All Special Features</a> <a href="https://www.theregister.com/special_features/future_of_the_datacenter">The Future of the Datacenter</a> <a href="https://www.theregister.com/special_features/cybersecurity_month">Cybersecurity Month</a> <a href="https://www.theregister.com/special_features/vmware_explore">VMware Explore</a> <a href="https://www.theregister.com/special_features/cloud_infrastructure_month">Cloud Infrastructure Month</a> </div> </div> </nav> </div> <div class="nav_bottom_section nav_elem nav_vendor_voice"> <div class="nav_head_bk"> <h2 class="main_head"> <span class="topnav_elem desk_only">Vendor Voice</span> </h2> </div> <nav> <div class="nav_elem"> <div class="cat_header"> <div id="nav-tag-vendor-voice"> <a href="#subnav-box-nav-tag-vendor-voice" data-toggle-for="subnav-box-nav-tag-vendor-voice" class="topnav_elem mob_only">Vendor Voice</a> <h2 class="desk_only section_nav-tag-vendor-voice"> <a href="#subnav-box-nav-tag-vendor-voice" data-toggle-for="subnav-box-nav-tag-vendor-voice" class="topnav_elem desk_only">Vendor Voice</a> </h2> </div> </div> <div id="subnav-box-nav-tag-vendor-voice" class="subnav_box"> <a href="https://www.theregister.com/VendorVoice/" class="subnav_elem" id="nav-tag-vendor-voice-all"> <span class="prefix_all">All </span>Vendor Voice </a> <a href="https://www.theregister.com/VendorVoice/aws_source_fuse/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_source_fuse"> SourceFuse </a> <a href="https://www.theregister.com/VendorVoice/aws_new_horizon_financial_services/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_new_horizon_financial_services"> Amazon Web Services (AWS) New Horizon in Cloud Computing </a> <a href="https://www.theregister.com/VendorVoice/pure_storage_portworx/" class="subnav_elem" id="nav-tag-vendor-voice-vv_pure_storage_portworx"> Pure Storage </a> <a href="https://www.theregister.com/VendorVoice/aws_klika_tech/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_klika_tech"> Klika Tech </a> <a href="https://www.theregister.com/VendorVoice/aws_here/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_here"> HERE and AWS </a> <a href="https://www.theregister.com/VendorVoice/aws_ge_vernova_manufacturing/" class="subnav_elem" id="nav-tag-vendor-voice-vv_aws_ge_vernova_manufacturing"> GE Vernova with AWS </a> <a href="https://www.theregister.com/VendorVoice/google_cloud_data_transformation/" class="subnav_elem" id="nav-tag-vendor-voice-vv_google_cloud_data_transformation"> Google Cloud Data Transformation </a> <a href="https://www.theregister.com/VendorVoice/google_gemini/" class="subnav_elem" id="nav-tag-vendor-voice-vv_google_gemini"> Google Gemini </a> <noscript> <a href="#masthead" class="subnav_elem close_box" aria-label="Top navigation">(X)</a> </noscript> </div> </div> </nav> </div> <div class="nav_bottom_section nav_resources"> <div class="nav_head_bk"> <a href="#subnav-box-nav-resources" data-toggle-for="subnav-box-nav-resources" id="nav-resources" class="topnav_elem mob_only">Resources</a> <h2 class="main_head"> <span class="topnav_elem desk_only">Resources</span> </h2> </div> <nav id="top_nav"> <div class="nav_elem"> <div id="subnav-box-nav-resources" class="subnav_box"> <a href="https://whitepapers.theregister.com/">Whitepapers</a> <a href="https://whitepapers.theregister.com/events/list/">Webinars & Events</a> <a href="https://account.theregister.com/edit/newsletter/">Newsletters</a> </div> </div> </nav> </div> </div> </div> </div> </div> </div> </div> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="condor" data-xmd=",fluid,leaderboard," data-lg=",fluid,leaderboard," data-xlg=",fluid,superleaderboard,billboard,leaderboard," data-xxlg=",fluid,superleaderboard,billboard,brandwidth,leaderboard,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z7i7KVPLBgOPLAjC-o5vZAAAAE4&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z7i7KVPLBgOPLAjC-o5vZAAAAE4&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" alt=""> </a> </noscript> </div> <article> <div id=top-col-story> <div class="header_left"> <div class="cat_header"> <h4 class="dcl"> <a href="/special_features/cybersecurity_month/" aria-label="Cybersecurity Month">Cybersecurity Month</a> </h4> </div> <div class="comments_wrap mobile_only"> <a class="comment_count" aria-label="Read comments on this article, currently there are 7 comments" title="View comments on this article" href="https://forums.theregister.com/forum/all/2024/10/16/us_contractor_pays_300k_in/"> <strong aria-hidden="true">7</strong> <img aria-hidden="true" width="18" height="16" alt="comment bubble on white" src="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.png" srcset="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg"> </a> </div> </div> <div class="header_right"> <h1>US contractor pays $300K to settle accusation it didn't properly look after Medicare users' data</h1> </div> <div class="header_left"> <div class="comments_wrap desktop_only"> <a class="comment_count" aria-label="Read comments on this article, currently there are 7 comments" title="View comments on this article" href="https://forums.theregister.com/forum/all/2024/10/16/us_contractor_pays_300k_in/"> <strong aria-hidden="true">7</strong> <img aria-hidden="true" width="18" height="16" alt="comment bubble on white" src="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.png" srcset="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg"> </a> </div> </div> <div class="header_right"> <h2>Resolves allegations it improperly stored screenshots containing PII that were later snaffled</h2> <div class="byline_and_dateline_and_share_and_comments"> <div class="byline_wrap"> <img class="vulture_icon" src="/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/vulture_red.svg" alt="icon"> <a class="byline" href="/Author/Connor-Jones" title="Read more by this author"> Connor Jones </a> </div> <div class="dateline_wrap"> <span class="dateline"> Wed 16 Oct 2024 <span class="slashes"> // </span> 23:15 UTC </span> </div> </div> </div> </div> <div id=main-col> <div id="article-wrapper" class="article_wrap"> <div class="left_col"> <div class="floating_bar"> <div class="sharing_widget_story_desktop uses_overlay"> <button class="top_blob" aria-label="Share this story" title="Share this story"> <img width="25" height="25" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg" alt=""> </button> <div class="sharing_widget_overlay" id="sharing_widget_overlay_2"> <div class="sharing_box"> <a data-social="reddit" href="https://www.reddit.com/submit?url=https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=US%20contractor%20pays%20%24300K%20to%20settle%20accusation%20it%20didn%27t%20properly%20look%20after%20Medicare%20users%27%20data" target="_blank"> </a> <a data-social="twitter" class="twit" href="https://twitter.com/intent/tweet?text=US%20contractor%20pays%20%24300K%20to%20settle%20accusation%20it%20didn%27t%20properly%20look%20after%20Medicare%20users%27%20data&url=https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister" target="_blank"> </a> <a data-social="facebook" class="faceb_dialog" href="https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook" target="_blank"> </a> <br class="hide_after_sm"> <a data-social="linkedin" class="linkedin_social" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=US%20contractor%20pays%20%24300K%20to%20settle%20accusation%20it%20didn%27t%20properly%20look%20after%20Medicare%20users%27%20data&summary=Resolves%20allegations%20it%20improperly%20stored%20screenshots%20containing%20PII%20that%20were%20later%20snaffled" target="_blank"> </a> <a data-social="whatsapp" href="https://api.whatsapp.com/send?text=https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp" target="_blank"> </a> </div> </div> </div> </div> <div class="promo_advert"> </div> </div> <div class="centre_col"> <div id="article"> <div id="body"> <p>A US government contractor will settle claims it violated cyber security rules prior to a breach that compromised Medicare beneficiaries' personal data.</p> <p>Virginia-based ASRC Federal Data Solutions (AFDS) signed a deal with the Justice Department this week agreeing to pay $306,722 in restitution, but without admitting liability for the allegations.</p> <p>AFDS also agreed to waive rights to reimbursement for the money it already spent remediating the data exposure. This includes the $877,578 spent notifying victims that their data had been leaked and offering credit monitoring.</p> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="condor" data-xsm=",fluid,mpu," data-sm=",fluid,mpu," data-md=",fluid,mpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z7i7KVPLBgOPLAjC-o5vZAAAAE4&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z7i7KVPLBgOPLAjC-o5vZAAAAE4&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0" alt=""> </a> </noscript> </div> <p>"Government contractors that handle personal information must take required steps to safeguard that information from cyber attacks," declared Brian M Boynton, principal deputy assistant attorney general and head of the Justice Department's Civil Division. </p> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="falcon" data-xmd=",fluid,mpu,leaderboard," data-lg=",fluid,mpu,leaderboard," data-xlg=",fluid,billboard,superleaderboard,mpu,leaderboard," data-xxlg=",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z7i7KVPLBgOPLAjC-o5vZAAAAE4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z7i7KVPLBgOPLAjC-o5vZAAAAE4&t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> <div class="adun_eagle_desktop_story_wrapper"> <div aria-hidden="true" class="adun" data-pos="mid" data-raptor="eagle" data-xxlg=",mpu,dmpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z7i7KVPLBgOPLAjC-o5vZAAAAE4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z7i7KVPLBgOPLAjC-o5vZAAAAE4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> </div> <p>"We will vigilantly pursue contractors that fail to comply with required cyber security protocols, while at the same time extending cooperation credit where warranted for self-disclosure, cooperation, and remediation."</p> <p>The allegations concern a shift to the electronic handling of "certain Medicare support services" that AFDS provided to the <a target="_blank" href="https://www.theregister.com/2024/06/18/support_ends_change_healthcare/">Centers for Medicare and Medicaid Services</a> (CMS), specifically between March 10, 2021, and October 8, 2022. Previously handled in person using hard copies of documents, the shift to electronic record-keeping was made during the COVID-19 pandemic.</p> <div aria-hidden="true" class="adun" data-pos="top" data-raptor="falcon" data-xsm=",fluid,mpu," data-sm=",fluid,mpu," data-md=",fluid,mpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z7i7KVPLBgOPLAjC-o5vZAAAAE4&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z7i7KVPLBgOPLAjC-o5vZAAAAE4&t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> <p>The primary allegation in the case was that a subcontractor engaged by AFDS, whose servers were used to carry out the electronic task, wasn't compliant with the <a target="_blank" href="https://www.theregister.com/2024/01/10/us_hospitals_security_rules/">Department of Health and Human Services</a>' (HHS) cyber security requirements and ultimately allowed the break-in when data was snatched.</p> <p>According to the <a target="_blank" rel="nofollow" href="https://www.justice.gov/opa/media/1373401/dl">settlement agreement</a> [PDF], the subcontractor used disk-level encryption for files stored on the server but it was only configured to block access by those using invalid credentials. Anyone with valid credentials could have accessed the protected files.</p> <p>During the specified timeframe, the subcontractor allegedly took screenshots from CMS systems that contained personally identifiable information (PII). These screenshot files weren't encrypted individually and were later accessed by an unauthorized third party who was using valid credentials.</p> <div aria-hidden="true" class="adun" id="story_eagle_xsm_sm_md_xmd_lg_xlg" data-pos="mid" data-raptor="eagle" data-xsm=",mpu,dmpu," data-sm=",mpu,dmpu," data-md=",mpu,dmpu," data-xmd=",mpu,dmpu," data-lg=",mpu,dmpu," data-xlg=",mpu,dmpu,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z7i7KVPLBgOPLAjC-o5vZAAAAE4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z7i7KVPLBgOPLAjC-o5vZAAAAE4&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0" alt=""> </a> </noscript> </div> <p>"The subcontractor's server was breached by a third party in October 2022 and the unencrypted screenshots were allegedly compromised during that breach," explained the Office of Public Affairs.</p> <p>The allegations were made by the US under the False Claims Act, and specifically relate to AFDS billing the CMS for "time spent taking, storing, and managing the unencrypted screenshots" – all while operating in alleged violation of the HHS's cyber security requirements.</p> <p>"Safeguarding patients' sensitive personal information is of paramount importance," asserted Stephen Niemczak, special agent in charge at the Department of Health and Human Services Office of the Inspector General (HHS-OIG). </p> <ul class="listinks"> <li><a href="https://www.theregister.com/2024/09/23/security_in_brief/">Apple's latest macOS release is breaking security software, network connections</a></li> <li><a href="https://www.theregister.com/2024/08/31/gpt_apps_data_collection/">GPT apps fail to disclose data collection, study finds</a></li> <li><a href="https://www.theregister.com/2024/08/05/national_public_data_lawsuit/">That cyber-heist of 2.9B personal records? There's a class-action lawsuit looming for that</a></li> <li><a href="https://www.theregister.com/2024/06/17/uks_total_fitness_exposed_nearly/">UK's Total Fitness exposed nearly 500K images of members, staff through unprotected database</a></li> </ul> <p>"This settlement demonstrates the commitment by HHS-OIG and our law enforcement partners to use every available tool to protect the healthcare data of all Americans and to investigate allegations of fraud, waste, and abuse against the public and taxpayer-funded healthcare programs."</p> <p>AFDS was credited in the agreement for its actions in the immediate aftermath of the breach, and the weeks that followed. </p> <p>It was said to have alerted the CMS within an hour of the subcontractor informing it of the situation, ordered a full review of its own security by third-party consultants, delivered additional security training to staff, and promptly responded to every Justice Department request. ®</p> <div class="wptl btm"> <noscript><strong>Get our</strong> <a href="https://whitepapers.theregister.com/" style="text-transform:uppercase">Tech Resources</a></noscript> </div> </div> <div class="article_body_btm mobile_only"> <div class="sharing_widget_story_desktop uses_overlay"> <button class="top_blob" aria-label="Share this story" title="Share this story"> <img width="25" height="25" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg" alt=""> <span>Share</span> </button> <div class="sharing_widget_overlay" id="sharing_widget_overlay_3"> <div class="sharing_box"> <a data-social="reddit" href="https://www.reddit.com/submit?url=https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=US%20contractor%20pays%20%24300K%20to%20settle%20accusation%20it%20didn%27t%20properly%20look%20after%20Medicare%20users%27%20data" target="_blank"> </a> <a data-social="twitter" class="twit" href="https://twitter.com/intent/tweet?text=US%20contractor%20pays%20%24300K%20to%20settle%20accusation%20it%20didn%27t%20properly%20look%20after%20Medicare%20users%27%20data&url=https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister" target="_blank"> </a> <a data-social="facebook" class="faceb_dialog" href="https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook" target="_blank"> </a> <br class="hide_after_sm"> <a data-social="linkedin" class="linkedin_social" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=US%20contractor%20pays%20%24300K%20to%20settle%20accusation%20it%20didn%27t%20properly%20look%20after%20Medicare%20users%27%20data&summary=Resolves%20allegations%20it%20improperly%20stored%20screenshots%20containing%20PII%20that%20were%20later%20snaffled" target="_blank"> </a> <a data-social="whatsapp" href="https://api.whatsapp.com/send?text=https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp" target="_blank"> </a> </div> </div> </div> </div> </div> </div> <div class="right_col desktop_only"> <div class="similar_topics"> <div class="similar_topics"> <h4>More about</h4> <ul class="keywords"> <li> <a href="/Tag/Cybercrime/" > <span class="keyword_name"> Cybercrime </span> </a> </li> <li> <a href="/Tag/Cybersecurity/" > <span class="keyword_name"> Cybersecurity </span> </a> </li> <li> <a href="/Tag/Data%20Breach/" > <span class="keyword_name"> Data Breach </span> </a> </li> </ul> </div> <div class="keyword_wrap" style="display: none;"> <div class="keyword_trigger">More like these</div> </div> <div class="lightbox_overlay"> <div class="keyword_popup more_topics"> <div class="close">×</div> <div class="keyword_group similar_topics"> <h3>More about</h3> <ul class="keywords"> <li> <a href="/Tag/Cybercrime/" > <span class="keyword_name"> Cybercrime </span> </a> </li> <li> <a href="/Tag/Cybersecurity/" > <span class="keyword_name"> Cybersecurity </span> </a> </li> <li> <a href="/Tag/Data%20Breach/" > <span class="keyword_name"> Data Breach </span> </a> </li> <li> <a href="/Tag/Healthcare/" > <span class="keyword_name"> Healthcare </span> </a> </li> <li> <a href="/Tag/United%20States%20Department%20of%20Justice/" > <span class="keyword_name"> United States Department of Justice </span> </a> </li> </ul> </div> <div class="keyword_group child_topics"> <h3>Narrower topics</h3> <ul class="keywords"> <li> <a href="/Tag/FBI/" > <span class="keyword_name"> FBI </span> </a> </li> <li> <a href="/Tag/NCSC/" > <span class="keyword_name"> NCSC </span> </a> </li> <li> <a href="/Tag/Pfizer/" > <span class="keyword_name"> Pfizer </span> </a> </li> <li> <a href="/Tag/RSA%20Conference/" > <span class="keyword_name"> RSA Conference </span> </a> </li> <li> <a href="/Tag/Zero%20trust/" > <span class="keyword_name"> Zero trust </span> </a> </li> </ul> </div> <div class="keyword_group parent_topics"> <h3>Broader topics</h3> <ul class="keywords"> <li> <a href="/Tag/Federal%20government%20of%20the%20United%20States/" > <span class="keyword_name"> Federal government of the United States </span> </a> </li> <li> <a href="/Tag/Security/" > <span class="keyword_name"> Security </span> </a> </li> </ul> </div> </div> </div> </div> </div> <div class="right_col mobile_only"> <div class="similar_topics"> <h4>More about</h4> </div> </div> <div class="left_col main_content"> <div class="sharing_block"> <div class=article_body_btm> <div class="sharing_widget_story_desktop uses_overlay"> <button class="top_blob" aria-label="Share this story" title="Share this story"> <img width="25" height="25" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icons/social_share_icon.svg" alt=""> <span>Share</span> </button> <div class="sharing_widget_overlay" id="sharing_widget_overlay_4"> <div class="sharing_box"> <a data-social="reddit" href="https://www.reddit.com/submit?url=https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dreddit&title=US%20contractor%20pays%20%24300K%20to%20settle%20accusation%20it%20didn%27t%20properly%20look%20after%20Medicare%20users%27%20data" target="_blank"> </a> <a data-social="twitter" class="twit" href="https://twitter.com/intent/tweet?text=US%20contractor%20pays%20%24300K%20to%20settle%20accusation%20it%20didn%27t%20properly%20look%20after%20Medicare%20users%27%20data&url=https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dtwitter&via=theregister" target="_blank"> </a> <a data-social="facebook" class="faceb_dialog" href="https://www.facebook.com/dialog/feed?app_id=1404095453459035&display=popup&link=https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dfacebook" target="_blank"> </a> <br class="hide_after_sm"> <a data-social="linkedin" class="linkedin_social" href="https://www.linkedin.com/shareArticle?mini=true&url=https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dlinkedin&title=US%20contractor%20pays%20%24300K%20to%20settle%20accusation%20it%20didn%27t%20properly%20look%20after%20Medicare%20users%27%20data&summary=Resolves%20allegations%20it%20improperly%20stored%20screenshots%20containing%20PII%20that%20were%20later%20snaffled" target="_blank"> </a> <a data-social="whatsapp" href="https://api.whatsapp.com/send?text=https://www.theregister.com/2024/10/16/us_contractor_pays_300k_in/%3futm_medium%3dshare%26utm_content%3darticle%26utm_source%3dwhatsapp" target="_blank"> </a> </div> </div> </div> </div> </div> </div> <div class="centre_col main_content"> <div class="comments "> <a class="comment_count" aria-label="Read comments on this article, currently there are 7 comments" title="View comments on this article" href="https://forums.theregister.com/forum/all/2024/10/16/us_contractor_pays_300k_in/"> <strong aria-hidden="true">7</strong> <img aria-hidden="true" width="18" height="16" alt="comment bubble on white" src="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.png" srcset="/design_picker/f5daacc84b9722c1e31ba85f836c37e4ad993fc4/graphics/icons/bubble_comment_white.svg"> COMMENTS </a> </div> </div> <div class="hidden_col mobile_only"> <div class="similar_topics"> <h4>More about</h4> <ul class="keywords"> <li> <a href="/Tag/Cybercrime/" > <span class="keyword_name"> Cybercrime </span> </a> </li> <li> <a href="/Tag/Cybersecurity/" > <span class="keyword_name"> Cybersecurity </span> </a> </li> <li> <a href="/Tag/Data%20Breach/" > <span class="keyword_name"> Data Breach </span> </a> </li> </ul> </div> <div class="keyword_wrap" style="display: none;"> <div class="keyword_trigger">More like these</div> </div> <div class="lightbox_overlay"> <div class="keyword_popup more_topics"> <div class="close">×</div> <div class="keyword_group similar_topics"> <h3>More about</h3> <ul class="keywords"> <li> <a href="/Tag/Cybercrime/" > <span class="keyword_name"> Cybercrime </span> </a> </li> <li> <a href="/Tag/Cybersecurity/" > <span class="keyword_name"> Cybersecurity </span> </a> </li> <li> <a href="/Tag/Data%20Breach/" > <span class="keyword_name"> Data Breach </span> </a> </li> <li> <a href="/Tag/Healthcare/" > <span class="keyword_name"> Healthcare </span> </a> </li> <li> <a href="/Tag/United%20States%20Department%20of%20Justice/" > <span class="keyword_name"> United States Department of Justice </span> </a> </li> </ul> </div> <div class="keyword_group child_topics"> <h3>Narrower topics</h3> <ul class="keywords"> <li> <a href="/Tag/FBI/" > <span class="keyword_name"> FBI </span> </a> </li> <li> <a href="/Tag/NCSC/" > <span class="keyword_name"> NCSC </span> </a> </li> <li> <a href="/Tag/Pfizer/" > <span class="keyword_name"> Pfizer </span> </a> </li> <li> <a href="/Tag/RSA%20Conference/" > <span class="keyword_name"> RSA Conference </span> </a> </li> <li> <a href="/Tag/Zero%20trust/" > <span class="keyword_name"> Zero trust </span> </a> </li> </ul> </div> <div class="keyword_group parent_topics"> <h3>Broader topics</h3> <ul class="keywords"> <li> <a href="/Tag/Federal%20government%20of%20the%20United%20States/" > <span class="keyword_name"> Federal government of the United States </span> </a> </li> <li> <a href="/Tag/Security/" > <span class="keyword_name"> Security </span> </a> </li> </ul> </div> </div> </div> </div> <div class="right_col main_content"> <div class="tip_off_widget"> <h4>TIP US OFF</h4> <p><a href="https://www.theregister.com/Profile/contact/" target="_blank">Send us news</a></p> </div> </div> </div> </div> </article> <hr id=story_section_break> <div id=story-bot-col> <h3 style="position:absolute;color:transparent;z-index:-1;">Other stories you might like</h3> <div id="aua" data-unit-type="aua" class="keepreading"> <div class=headlines> <div class="img_lite_srow img_lite_rt-1b"> <article> <a href="/2025/02/12/google_state_cybercrime_report/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Crimelords and spies for rogue states are working together, says Google</h4> <div class=standfirst>Only lawmakers can stop them. Plus: software needs to be more secure, but what's in it for us?</div> <div class=time_comments> <span class="section_name">Cyber-crime</span><span class="time_stamp" title="12 Feb 2025 13:29" data-epoch="1739366974">12 Feb 2025</span> | <span class="comment light_bg_comments">21</span></div> </div> </a> </article> <article> <a href="/2025/02/19/decadeold_healthcare_security_snafu_settled/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Healthcare outfit that served military personnel settles allegations it faked infosec compliance for $11M</h4> <div class=standfirst>If this makes you feel sick, knowing this happened before ransomware actors started targeting medical info may help</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="19 Feb 2025 1:14" data-epoch="1739927651">19 Feb 2025</span> | <span class="comment light_bg_comments">8</span></div> </div> </a> </article> <article> <a href="/2025/02/03/backdoored_contec_patient_monitors_leak_data/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Medical monitoring machines spotted stealing patient data, users warned to pull the plug ASAP</h4> <div class=standfirst> <span class="label">Infosec in brief</span> PLUS: MGM settles breach suits; AWS doesn't trust you with security defaults; A new .NET backdoor; and more</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="3 Feb 2025 2:2" data-epoch="1738548126">3 Feb 2025</span> | <span class="comment light_bg_comments">9</span></div> </div> </a> </article> <article> <a href="/2024/12/04/a_rethink_of_parental_leave/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>A rethink of parental leave policy</h4> <div class=standfirst>IT workers and programmers set to benefit as Sandvik implements HR reboot</div> <div class=time_comments><span class="section_name">Sponsored Feature</span></div> </div> </a> </article> </div> <div aria-hidden="true" class="adun" data-pos="btm" data-raptor="hawk" data-xsm=",fluid,mpu," data-sm=",fluid,mpu," data-md=",fluid,mpu," data-xmd=",fluid,leaderboard,mpu," data-lg=",fluid,mpu,leaderboard," data-xlg=",fluid,billboard,superleaderboard,mpu,leaderboard," data-xxlg=",fluid,billboard,superleaderboard,brandwidth,brandimpact,mpu,leaderboard,"> <noscript> <a href="https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=6&c=66Z7i7KVPLBgOPLAjC-o5vZAAAAE4&t=ct%3Dns%26unitnum%3D6%26raptor%3Dhawk%26pos%3Dbtm%26test%3D0" target="_blank"> <img src="https://pubads.g.doubleclick.net/gampad/ad?co=1&iu=/6978/reg_specialfeatures/cybersecuritymonth&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=6&c=66Z7i7KVPLBgOPLAjC-o5vZAAAAE4&t=ct%3Dns%26unitnum%3D6%26raptor%3Dhawk%26pos%3Dbtm%26test%3D0" alt=""> </a> </noscript> </div> <div class="img_lite_srow img_lite_rt-1b"> <article> <a href="/2025/02/06/democrat_trump_admin_letter/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Dems want answers on national security risks posed by hiring freeze, DOGE probes</h4> <div class=standfirst> <span class="label">Updated</span> Are cybersecurity roles included? Are Elon's enforcers vetted? Inquiring minds want to know</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="6 Feb 2025 18:30" data-epoch="1738866608">6 Feb 2025</span> | <span class="comment light_bg_comments">35</span></div> </div> </a> </article> <article> <a href="/2025/02/10/us_newspapers_lee_enterprises_cyberattack/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>US news org still struggling to print papers a week after 'cybersecurity event'</h4> <div class=standfirst>Publications across 25 states either producing smaller issues or very delayed ones</div> <div class=time_comments> <span class="section_name">Cyber-crime</span><span class="time_stamp" title="10 Feb 2025 13:5" data-epoch="1739192726">10 Feb 2025</span> | <span class="comment light_bg_comments">9</span></div> </div> </a> </article> <article> <a href="/2025/02/10/infosec_in_brief/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>DeepSeek's iOS app is a security nightmare, and that's before you consider its TikTok links</h4> <div class=standfirst> <span class="label">Infosec In Brief</span> PLUS: Spanish cops think they've bagged NATO hacker; HPE warns staff of data breach; Lazy Facebook phishing, and more!</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="10 Feb 2025 2:30" data-epoch="1739154615">10 Feb 2025</span> | <span class="comment light_bg_comments">23</span></div> </div> </a> </article> <article> <a href="/2025/02/07/uk_cyber_monitoring_centre/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>UK industry leaders unleash hurricane-grade scale for cyberattacks</h4> <div class=standfirst>Freshly minted organization aims to take the guesswork out of incident severity for insurers and policy holders</div> <div class=time_comments> <span class="section_name">Cyber-crime</span><span class="time_stamp" title="7 Feb 2025 11:47" data-epoch="1738928829">7 Feb 2025</span> | <span class="comment light_bg_comments">7</span></div> </div> </a> </article> </div> <div class="img_lite_srow img_lite_rt-1b"> <article> <a href="/2025/02/04/cyberattack_on_nhs_hospitals_sees/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Cyberattack on NHS causes hospitals to miss cancer care targets</h4> <div class=standfirst>Healthcare chiefs say impact will persist for months</div> <div class=time_comments> <span class="section_name">Cyber-crime</span><span class="time_stamp" title="4 Feb 2025 11:44" data-epoch="1738669447">4 Feb 2025</span> | <span class="comment light_bg_comments">12</span></div> </div> </a> </article> <article> <a href="/2025/02/17/infosec_news_in_brief/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Twin Google flaws allowed researcher to get from YouTube ID to Gmail address in a few easy steps</h4> <div class=standfirst> <span class="label">Infosec In Brief</span> PLUS: DOGE web design disappoints; FBI stops crypto scams; Zacks attacked again; and more!</div> <div class=time_comments> <span class="section_name">Security</span><span class="time_stamp" title="17 Feb 2025 2:25" data-epoch="1739759106">17 Feb 2025</span> | <span class="comment light_bg_comments">12</span></div> </div> </a> </article> <article> <a href="/2025/02/14/postgresql_bug_treasury/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Critical PostgreSQL bug tied to zero-day attack on US Treasury</h4> <div class=standfirst>High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further</div> <div class=time_comments> <span class="section_name">Research</span><span class="time_stamp" title="14 Feb 2025 14:19" data-epoch="1739542799">14 Feb 2025</span> | <span class="comment light_bg_comments">21</span></div> </div> </a> </article> <article> <a href="/2025/02/11/sim_swapped_guilty_plea/?td=keepreading" class=story_link> <div class="article_text_elements"> <h4>Man who SIM-swapped the SEC's X account pleads guilty</h4> <div class=standfirst>Said to have asked search engine 'What are some signs that the FBI is after you?'</div> <div class=time_comments> <span class="section_name">Cyber-crime</span><span class="time_stamp" title="11 Feb 2025 16:15" data-epoch="1739290508">11 Feb 2025</span> | <span class="comment light_bg_comments">9</span></div> </div> </a> </article> </div> </div> <div aria-hidden="true" class="adun" data-pos="btm" data-raptor="owl" data-xsm=",fluid,mpu,dmpu," data-sm=",fluid,mpu,dmpu," data-md=",fluid,mpu,dmpu," data-xmd=",fluid,leaderboard,mpu," data-lg=",fluid,mpu,leaderboard," data-xlg=",fluid,billboard,superleaderboard,mpu,leaderboard," data-xxlg=",fluid,billboard,superleaderboard,brandwidth,brandimpact,mpu,leaderboard,"></div> </div> </div><div id=footer> <div class="footer_slogan"> <div class="footer_wrapper"> <p>The Register <img class="vulture_icon" src="/design_picker/d518b499f8a6e2c65d4d8c49aca8299d54b03012/graphics/icon/vulture_white.png" alt="icon"> Biting the hand that feeds IT</p> </div> </div> <div class="footer_wrapper"> <div class=foot_wrapper> <div class="left_block"> <div class="foot_list"> <h4>About Us<img loading="lazy" width="7" height="11" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_black.svg" class="expand_arrow"></h4> <ul> <li><a href="https://www.theregister.com/Profile/contact/">Contact us</a></li> <li><a target=_blank rel=noopener href="https://www.theregister.com/AdvertiseWithUs/">Advertise with us</a></li> <li><a href="https://www.theregister.com/Profile/about_the_register/">Who we are</a></li> </ul> </div> <div class="foot_list more_us"> <h4>Our Websites<img loading="lazy" width="7" height="11" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_black.svg" class="expand_arrow"></h4> <ul> <li><a href="https://www.nextplatform.com/">The Next Platform</a></li> <li><a href="https://devclass.com/">DevClass</a></li> <li><a href="https://blocksandfiles.com/">Blocks and Files</a></li> </ul> </div> <div class="foot_list privacy"> <h4>Your Privacy<img loading="lazy" width="7" height="11" alt="" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/icon/footer_mob_nav_arrow_black.svg" class="expand_arrow"></h4> <ul> <li><a href="https://www.theregister.com/Profile/cookies/">Cookies Policy</a></li> <li><a href="https://www.theregister.com/Profile/privacy/">Privacy Policy</a></li> <li><a href="https://www.theregister.com/Profile/terms_and_conditions_of_use/">Ts & Cs</a></li> </ul> </div> </div> <div class="right_block"> <div class="foot_list"> <a href="https://situationpublishing.com/" id="sitpub_logo"> <img loading="lazy" width="250" alt="Situation Publishing" src="/design_picker/d2e337b97204af4aa34dda04c4e5d56d954b216f/graphics/std/sitpublogo_2022.png"> </a> <p> Copyright. All rights reserved © 1998–2025 </p> </div> </div> <noscript><img width="1" height="1" src="/Design/graphics/std/transparent_pixel.png" alt="no-js"></noscript> </div> </div> </div> <div id=end_scripts> <script> if (typeof(ElReg.Ga.sendPageView) === 'function') { ElReg.Ga.sendPageView('reg_specialfeatures/cybersecuritymonth','0df13fad2ea597c71ae99fa84c3f976d','0df13fad2ea597c71ae99fa84c3f976d'); } </script> <script> $(function() { RegUtils.set_bucket_group(235) }); </script> </div> </div> </body> </html>

CINXE.COM

Contractor pays $300K to settle Medicare data breach • The Register