News

SuperCare Health Faces Lawsuit for Having “Incompetent Security Measures” to Stop Data Breach

Richard Marley
April 19, 2022
3 minutes read
1379

Plaintiff filed a lawsuit against SuperCare Health in the US Central District of California and alleged the firm has “Incompetent Security Measures” to Stop Data Breach.

California-based SuperCare Health is facing a lawsuit in the wake of the July 2021 data breach. SuperCare has recently revealed that around 318,379 data records were compromised making it one of the biggest medicare data breaches reported in 2022.

According to SuperCare Health, cybercriminals accessed the organisation’s database with authorization between July 23 and July 27. The bad actors gained access to the personally identifiable information (PII) including names, health insurance information, address, medical record numbers, date of birth, patient account numbers, insurance claim information, patient treatment information and medicare group information.

However, in a lawsuit filed in the US Central District of California, plaintiff Vickey Angulo alleged the health organisation for failure to prevent the data breach along and implement effective cybersecurity protection measures, “despite the fact that data breach attacks against medical systems and healthcare providers are at an all-time high.”

“Upon information and belief, the mechanism of the cyberattack and potential for improper disclosure of Plaintiff’s and Class Members’ Private Information was a known risk to Defendant, through frequent news reports and FBI warnings to the healthcare industry, and thus it was on notice that failing to take steps necessary to secure the Private Information from those risks left the property in a dangerous and vulnerable condition,” the filing stated.

However, with the access to the patient information, the lawsuit also included that the cybercriminals can also open new financial accounts through synthetic identities, use class members’ information to obtain government benefits, and get fake diver licenses in the victim’s names.

The plaintiff also argued that SuperCare’s breach notice provided “scant detail about the nature, severity or duration of the attack.”

SuperCare described the incident as “unauthorized activity” and said that an unknown party gained access to certain systems on its network “failed to adequately adapt and train its employees on even the most basic of information security protocols.”

Moreover, the plaintiff also noted that the health firm notifies victims of the data breach in March, months after it occurred. SuperCare’s notice explained that its investigation concluded on February 4, 2022. Additionally, the firm was also alleged to violate HIPAA and Federal Trade Commission (FTC) guidelines and failed to comply with the NIST security requirements.

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
Qatar Takes Steps to Strengthen its AML/CFT and Sanctions Compliance
A webinar organised by ICC Qatar emphasised the efforts of Qatar to strengthen its AML/CFT and sanctions compliance across financial and non-financial sectors.

The International Chamber of Commerce Qatar (ICC Qatar), held a webinar on “Spotlight on the latest risk and financial crime trends” in collaboration with Refinitiv Protiviti and FinScan on 18th May.

Keynote presentations were given in the virtual event by Nipun Srivastava, Managing Director and the Middle East Leader of Financial Crime and Regulatory Advisory Practice at Protiviti, Marina Agathangelou, Customer Success Manager at Refinitiv, and Ibrahim Doubli, Regional Director, Middle East & Africa at FinScan Compliance & Data Quality Solutions.

Depicting the latest events in Eastern Europe, and how the problems related to data security with advanced matching technology can help in making the risk and compliance measures of the company more robust, major attention was paid to Financial Action Task Force (FATF) Mutual Evaluations inspections of the Gulf Cooperation Council (GCC); the sanctions and the recent financial frauds trends in the webinar.

Srivastava told the participants about the actions Qatar has been implementing to strengthen its AML/CFT and sanctions compliance framework across various financial and non-financial institutions.

Agathangelou said the Mutual Evaluation is just an initial phase of work to prepare the country to combat current and emerging financial threats. With the implication of the automation/machine learning based programs, Qatar will be able to invest its resources efficiently in combating financial frauds.

“Implementation of the Public Private Partnerships among the National Anti-Money Laundering and Terrorism Financing Committee (NAMLC), Qatar Central Bank (QCB), Financial Information Unit (FIU) and other bodies may bring out the best industry tools for aiding the government to complete their national agenda” added Agathangelou.

Doubli showed appreciation towards the ICC Qatar for conducting an effective webinar while saying “I look forward to continuing working with the institutions in Qatar in their efforts to comply with fast-changing local and global regulations”.

Suggested Read: China Strengthens Anti-Money Laundering Rules for Financial Institutions

Recent Posts

Blog
AML Compliance for the Crypto Sector - How VASPs Can Adhere to the Regulations
With cryptocurrencies gaining traction and entering the mainstream, financial regulators are assessing the risks related to financial crimes like money laundering and terrorist financing. The question is how crypto firms can design and implement a solution that essentially improves their oversight on transactions and transfers of digital currencies.

Crypto firms not only need to analyse the risks associated with their customers but also need to consider the upcoming trends, use cases, and regulatory updates. That’s not all, the biggest challenge is the threats emerging from anonymous transactions made through crypto wallets or Bitcoin ATMs.

Cryptocurrencies and AML Compliance

Cryptocurrencies are growing in terms of both popularity and adoption with innovations in the technology that makes the financial system work. However, these developments do not come without risks, as financial experts believe that the main weak point of the digital currency sector is the lack of sufficient AML compliance regulations. Initially, the best practices to prevent fraud and eliminate money laundering in the crypto sector seem to be the same as those implemented by traditional banks and financial institutions.

That being said, the most fundamental step toward combating financial crimes is a risk-based approach that helps the given crypto firm detect fraudulent entities before they affect any of their operations. Considering the repetitive regulatory updates for the crypto sector, it is even more important for virtual asset service providers (VASPs) to implement a risk-based approach. For instance, criminal activities like money muling are a common problem for all businesses dealing in any kind of monetary transaction.

Challenges Faced by Crypto Firms

By far the biggest challenge that crypto firms face is the added risk of the methods used by financial criminals like money launderers to make anonymous transactions, including off-chain transactions. Another concern is the loyalty of the employees working at crypto firms, which becomes a problem because the salary expectation of experience compliance officials is higher than what a growing crypto firm offers. No matter what position an official is working on, it is equally important for them to consider AML requirements and analyse the risks associated with their customers’ transactions.

In particular, employees that are directly involved with matters that can be questioned by regulators must consider all relevant pain points. With the growth of crypto firms, compliance professionals need to determine the potential conflicts within teams and manage the communication with stakeholders so that everyone is on the same page.

Furthermore, there are other crucial aspects of crypto operations including the technologies to be used. It often happens that crypto firms that aren’t well-established deploy tech solutions that are based on the concept of one solution for every problem. For this reason, instead of looking for automation and outsourcing operations, crypto firms must incorporate robust solutions for identity verification, AML screening, and transaction monitoring.

Crypto AML Regulations

AML regulations that are imposed on crypto firms throughout the world are more or less similar in the sense that the global trends in the crypto sector are the same. Crypto firms that operate in more than one country or jurisdiction need to analyse the slight difference in trends of both the markets.

US and Canada’s Crypto AML Regulations

In the US, the 2020 Anti-Money Laundering Act (AMLA) included service providers that deal with virtual assets and digital assets within the scope of the Bank Secrecy Act. After the implementation, crypto regulations in the US are coming in at a fast pace. In March this year, President Biden signed an Executive Order on Ensuring Responsible Development of Digital Assets (EO). Similarly, Canada’s crypto service providers are considered issuers of securities, and dealers in virtual currencies must register as money service businesses (MSBs). Additional requirements are set out in Canada’s Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations (PCMLTFRs) impose additional requirements.

Europe’s Crypto AML Regulations

In the EU, crypto regulations are issued by the 5th Anti-Money Laundering Directive, which included exchanges between crypto and fiat currencies within the scope of AML rules. That being said, the EU is working on introducing a new AML/CFT regulation that is aimed at bringing new important conditions for virtual asset service providers. The UK government has also introduced new plans to create a global crypto technology hub in the country, including the adoption of stablecoins as a payment method. The government is also identifying the risks associated with virtual assets in an effort to analyse the effectiveness of the economic crime legislation. The Financial Conduct Authority has also sent letters to crypto firms to mitigate risks.

Asia Pacific’s Crypto AML Regulations

The Australian Securities and Investment Commission (ASIC) treats cryptocurrencies as financial assets or as consumer assets that are being governed by the Australian Competition and Consumer Commission (ACCC). Digital cryptocurrency exchanges as well as Cryptoasset Secondary Service Providers (CASSPrs) are obliged to get registered with AUSTRAC for anti-money laundering and countering terrorism financing regulations.

Whereas, in Singapore, cryptocurrencies are governed under the Payment Services Act (PSA) as Digital Payment Tokens (DPTs) and the virtual asset service providers are regulated as Digital Payment Token Services (DPTS). Additionally, every crypto exchange needs to comply with the Monetary Authority of Singapore (MAS) standards. However, the government has also recently legislated the Financial Services and Markets Bill 2022 which also comes into the scope of local regulations for cryptocurrency exchanges that are been operating in the country but are offering services cross-border. Moreover, this recently emerged bill also increase the authority of MAS as well as introduced new licensing requirements for exchanges.

What Shufti Pro Offers

Anti-Money Laundering screening involves the verification of an end-user by screening them against watch lists compiled by regulatory authorities such as the FATF, UN, FINTRAC, AUSTRAC, and others. It involves authenticating the user information against criminal watch lists, global sanctions, and Politically Exposed Person (PEP) lists. As a result, fraudulent customers are detected and compliance targets are easily met.

To prevent instances of money laundering and similar financial crimes, cryptocurrency exchanges must have adequate AML checks and KYC procedures in place. These practices have not only been endorsed by global regulatory authorities but have shown encouraging results in the real world as well. As cryptocurrency adoption is showing no signs of slowing down, firms must invest in the right AML solutions to streamline compliance and fraud detection processes.

Want to learn more about AML Compliance for cryptocurrencies?

Talk to us

SuperCare Health Faces Lawsuit for Having “Incompetent Security Measures” to Stop Data Breach

Cryptocurrencies and AML Compliance

Challenges Faced by Crypto Firms

Crypto AML Regulations

US and Canada’s Crypto AML Regulations

Europe’s Crypto AML Regulations

Asia Pacific’s Crypto AML Regulations

What Shufti Pro Offers

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.