Feds Fine Web Hosting Firm in Kids Insurance Site Hack

HIPAA/HITECH
,
Standards, Regulations & Compliance

DOJ: Vendor Failed to Patch, Secure Systems for 7 Years

Feds Fine Web Hosting Firm in Kids Insurance Site Hack
Federal prosecutors say Jelly Bean Communications Design failed to secure the Florida Healthy Kids website for kids’ medical and dental insurance.

A Florida company will pay nearly $300,000 to settle allegations stemming from a 2020 hacking incident that revealed the personal identifying information of hundreds of thousands of minors. The settlement with Jelly Bean Communications Design is part of a federal crackdown on lax cybersecurity.

See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion


The $293,771 settlement resolves civil litigation initiated by the federal government against Jelly Bean Communications Design and Jeremy Spinks – the company’s co-owner, manager and sole employee – after hackers gained access to half a million insurance applications for low-cost health and dental insurance for children aged between 5 and 18.

The Jelly Bean settlement is part of the Department of Justice’s Civil Cyber-Fraud Initiative launched in October 2021.

The effort targets federal contractors “when they fail to follow required cybersecurity standards,” Deputy Attorney General Lisa O. Monaco said at the time.

The state of Florida contracted with Jelly Bean in 2013 to manage the healthykids.org website for the Florida Healthy Kids Corp., the state-created entity that runs the national Children’s Health Insurance Program through a combination of federal and state money.

The settlement comes from allegations that Spinks submitted false claims – the falsity being that Jelly Bean asserted it would safeguard data covered by HIPAA.

Jelly Bean “knowingly failed to properly maintain, patch, and update the software systems, leaving the HealthyKids.org site and its data vulnerable to attack,” the Justice Department says.

“Billing

Read the rest