Web hosting provider fined $300,000 in data security case

Web hosting provider fined 0,000 in data security case

A website hosting provider has agreed to pay nearly $300,000 over allegations that it failed to protect sensitive data on a federally funded online service for children. It is believed that files belonging to half a million health insurance claimants were hacked as a result.

Jelly Bean Communications Design was charged under the False Claims Act after it was found that data stored between 2014 and 2020 on the website, used by parents of children ages 5 to 17 in Florida to apply for children’s health insurance, were not properly guarded.

Jelly Bean had been contracted in 2013 by state health and dental insurance provider Florida Healthy Kids Corporation (FHKC) to curate HealthyKids.org and “related websites,” said the US Department of Justice (DoJ), which announced the settlement.

Jeremy Spinks, Jelly Bean’s sole operator and co-owner, appears to have escaped a lawsuit that could have landed him behind bars, but is now responsible for paying $293,771 in damages under the agreement reached in a court in Florida.

Bag duty ignored, claims DoJ

The DoJ alleges that “contrary to its representations in agreements and invoices, Jelly Bean did not provide secure hosting of applicants’ personal information and instead deliberately failed to properly maintain, patch and update its software systems.”

This left HealthyKids.org and its related websites and data collected by Jelly Bean from users open to a cyberattack — a threat the DoJ said was realized in 2020 when more than 500,000 insurance applications sent to the site were “disclosed to have been hacked, potentially exposing applicants’ personal identifying information and other data.”

The case against Jelly Bean accuses it of running several outdated and therefore vulnerable apps in breach of the duty of care it signed when it agreed to contract for FHKC. In some cases, software had not been patched, that is, fixed for vulnerabilities, since the year the agreement took effect, the DoJ added.

Shortly after the alleged hacking incident, the websites in question were closed by FHKC.

Zero tolerance for negligence

“Government contractors responsible for handling personal information must ensure that such information is appropriately protected,” DoJ Deputy Assistant Attorney General Brian Boynton said. “We will use the False Claims Act to hold companies and their management accountable when they knowingly fail to comply with their cybersecurity obligations and put sensitive information at risk.”

“Protecting patients’ medical and other personal information is critical,” said United States Attorney Roger Handberg for the Middle District of Florida. “This settlement demonstrates my office and our partners’ commitment to using every tool available to protect Americans’ health care.”

Although Spinks avoided a prison sentence, the DoJ suggested that the settlement with Jelly Bean marks a victory for the Civil Cyber ​​Fraud Initiative, created in 2021 “to hold accountable entities or individuals who put United States information or systems at risk by knowingly providing inadequate cybersecurity products or services’ in breach of their obligations.

More from Cybernews:

Woman in a man’s world: how Finnish nursing student became a cyber security star

Key aerospace players leak sensitive data

Alphabet Unveils New ChatGPT Rival “Claude”

OpenAI launches its next generation model ChatGPT-4

Meta will lay off 10,000 employees in the second round of job cuts

Subscribe to our newsletter

See also  Android Application Hacking - Security Boulevard

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *