SuperCare Health Faces Lawsuit for Having “Incompetent Security Measures” to Stop Data Breach

Richard Marley
April 19, 2022
3 minutes read
1382

Plaintiff filed a lawsuit against SuperCare Health in the US Central District of California and alleged the firm has “Incompetent Security Measures” to Stop Data Breach.

California-based SuperCare Health is facing a lawsuit in the wake of the July 2021 data breach. SuperCare has recently revealed that around 318,379 data records were compromised making it one of the biggest medicare data breaches reported in 2022.

According to SuperCare Health, cybercriminals accessed the organisation’s database with authorization between July 23 and July 27. The bad actors gained access to the personally identifiable information (PII) including names, health insurance information, address, medical record numbers, date of birth, patient account numbers, insurance claim information, patient treatment information and medicare group information.

However, in a lawsuit filed in the US Central District of California, plaintiff Vickey Angulo alleged the health organisation for failure to prevent the data breach along and implement effective cybersecurity protection measures, “despite the fact that data breach attacks against medical systems and healthcare providers are at an all-time high.”

“Upon information and belief, the mechanism of the cyberattack and potential for improper disclosure of Plaintiff’s and Class Members’ Private Information was a known risk to Defendant, through frequent news reports and FBI warnings to the healthcare industry, and thus it was on notice that failing to take steps necessary to secure the Private Information from those risks left the property in a dangerous and vulnerable condition,” the filing stated.

However, with the access to the patient information, the lawsuit also included that the cybercriminals can also open new financial accounts through synthetic identities, use class members’ information to obtain government benefits, and get fake diver licenses in the victim’s names.

The plaintiff also argued that SuperCare’s breach notice provided “scant detail about the nature, severity or duration of the attack.”

SuperCare described the incident as “unauthorized activity” and said that an unknown party gained access to certain systems on its network “failed to adequately adapt and train its employees on even the most basic of information security protocols.”

Moreover, the plaintiff also noted that the health firm notifies victims of the data breach in March, months after it occurred. SuperCare’s notice explained that its investigation concluded on February 4, 2022. Additionally, the firm was also alleged to violate HIPAA and Federal Trade Commission (FTC) guidelines and failed to comply with the NIST security requirements.

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
Fraudsters Target UK's £400 Energy Bill Support Scheme through Scam Texts
Fraudsters are taking advantage of the support program initiated for people to lessen the burden of soaring electricity and gas prices. Using links of a fake website, scammers urge people to hand over their personal information and bank details.

The UK government warns citizens about a fake text message fraud that’s spreading to loot innocent people. The fraudsters claim to be a part of the government. This text scam invites people to apply for the £400 energy bill support scheme and get some relief in their bills.

Scammers took advantage of new support that has been put in place as a part of the package of measures set to lessen the burden of increasing electricity and gas prices.

Kicked in on 1 October, the energy price guarantee limit the rise in gas and electricity units’s cost lower as compared to their market value for protecting consumers. It’s automatically delivered through suppliers.

Whereas in the elctrucity bill for the month of October, households will receive instalment of the £400 Energy Bill Support Scheme. For most of the users, the support of £400 will be applied monthly in six instalments from October 2022 to March 2023 with those who pay through debit seeing it deducted from their energy payments.

Fraudsters are taking advantage of the scheme with messages that urge people to “apply.” They are give fake links and representing themselves as government officials. There, people are urged to give their personal data including bank information.

Offciials gave a warning and said that they have received 139 reports about scam text messages. They said, “You do not need to apply for the scheme, or provide any bank details.”

The government warned people to stay alert to such fraudulent messages. According to officials, “There is no need to apply for the schemes, with most customers receiving today’s support automatically through their electricity bill.”

Jacob Rees-Mogg, Business and Energy Secretary said, “I urge people today to stay alert to scams. This support will reach people automatically and there is no need to apply.”

He said that it was an extraordinary financial help offered to people that will protect businesses as well as households “across the country from what was going to be an 80 per cent increase in energy bills this winter”. Consumers have been told to report any such scam to 7726.

Suggested Read: Gamers Must Be Aware of long-Scale Click Fraud Campaign- Says Microsoft

Recent Posts

Blog
Know Your Customer - Addressing the Risks of Financial Crimes in Challenger Banks
With emerging technologies, financial services are witnessing a digital revolution that is changing the overall structure of the existing system. Especially after the COVID-19 pandemic, customer trends have demonstrated a clear preference for online services instead of visiting on-site offices or banks to perform daily transactions. In the same way, challenger banks have emerged in the financial services paradigm, bringing digital innovation while offering seamless customer onboarding. On a global scale, financial companies are adopting challenger banks for all of their monetary operations and transactions.

The challenger bank market size was valued at $28 billion in 2021 and is expected to reach $279 billion by 2028. It is quite evident from the figures that users are adopting challenger banks due to ease of account opening and attractive online services provided by the institutions. On the other hand, this type of digital banking is also associated with risks of identity theft, money laundering, and financial crimes, which need to be addressed through proper identity verification measures.

Challenger Banks – An Overview

Challenger banks are small retail banks that have joined the economic system in the recent few years. In a short time, they have established themselves to compete with other existing banks. Challenger banks offer a large number of outstanding services to the customers, which is the primary reason behind the popularity of this model of banking. Most of the challenger banks do not have on-site branches, which allows them to save considerable cost and invest it into other crucial services like customer support, mobile app development, and speedy transactions. All these attractive services create an outstanding user experience that eventually leads to increased use of challenger banks.

Revolut and Atom banks are considered the pioneers in digital banking, launched in the UK in 2014. Currently, there are 23 challenger banks in the UK that are providing exceptional services and their trend is increasing every year. All these banks have mobile apps through which the users can perform all of their financial transactions. The system is quite efficient in providing instant updates related to account balance, giving all the financial management to the customers’ hands.

Vulnerabilities of Challenger Banks to Financial Crimes

With the increased use of digital banking, the adoption of challenger banks by users, and the influx of money in the sector, risks of cybercrime have also elevated. Criminals are using a myriad of advanced techniques to exploit loopholes in the system and get involved in several crimes like identity theft, money laundering, and terrorist financing. Unlike the old banks and other financial institutions, challenger banks have not implemented a strict identity verification structure, making them quite vulnerable to criminal activities. Most digital banking institutions do not have any branches so they use online channels to verify and authenticate their customers’ documents.

Digital verification always comes with high risks of cybercrime as criminals disguise their original identities to onboard the system, further carrying out several financial crimes. Although challenger banks have quite a strict system of onboarding, the crime ratio is increasing with every passing year. Financial institutions are in dire need of a system that should have the capacity to verify the true identities of customers but must also be user-friendly to provide easy onboarding.

FATF’s Guidance for Challenger Banks

The Financial Action Task Force (FATF), a leading authority working to curb money laundering, has raised its concern due to the emergence of new technologies in financial companies. FATF has termed the digital system of payments as a huge threat to the financial system which is further giving rise to money laundering and terrorist financing. The recent guidelines by the financial watchdog have instructed all jurisdictions to monitor challenger banks and implement the Customer Due Diligence (CDD) approach to verify the identities of their users. The report by FATF also highlights the necessary actions and conditions that must be placed on digital financial organizations to counter money launderers and terrorist financiers on the system.

Global Regulatory Authorities Monitoring Challenger Banks

In the wake of rising crimes in challenger banks, several countries have enforced new regulations or amended existing laws to mitigate risks of identity theft and other financial crimes. Securing digital banks from monetary scams is quite crucial as it contains the assets of a large number of users and other confidential information as well. Let’s have a look at prevailing laws in different countries for countering cyber criminals and money launderers.

US

Bank Secrecy Act (BSA) is the primary act in the USA, which covers all challenger banks and other digital financial platforms. BSA permits all these institutions to implement a strict customer verification system and keep doing audits of details input by users while onboarding. Moreover, it has also been instructed law enforcement authorities to take firm action against all such platforms which are not implementing AML/CFT measures. BSA also instructs financial companies to keep a record of their users so that they can be traced down in case of any violation.

UK

The Financial Conduct Authority (FCA) in the UK is the primary body working to eradicate the chances of digital fraud in challenger banks. It has been highlighted that in recent years the trend of using online financial companies has increased to a large extent, resulting in a high crime ratio. FCA has proposed strict customer due diligence, enhanced due diligence, risk assessment, transaction monitoring, and suspicious activity reports to all challenger banks to counter prevailing crimes.

Australia

Australia is one of the countries with quite a tough approach towards the challenger banking system and has stringent requirements to get a license for operating a digital platform. Even after getting the license, business owners have to report to the Australian Transaction Reports and Analysis Center (AUSTRAC) for any suspicious activities. AUSTRAC has made it mandatory for online banks to keep a detailed record of their users and monitor their activities throughout every transaction.

Ensuring KYC Compliance in Challenger Banks

The digital financial system has come along with different perks but posed high risks of financial crimes. The trend of using challenger banks is rising with every passing day and it is quite crucial to regularize the sector providing users with a secure platform for financial transactions. The criminals mostly use stolen identities to onboard the system and commit crimes that must be looked into it to halt scammers. Using the Customer Due Diligence (CDD) approach and Know Your Customer (KYC) measures, digital banks can implement a system through which they can verify the true identities of their users while keeping a complete record. Implementing these strategies will not only secure the users’ assets but will also help in eliminating financial crimes.

How Shufti Pro Can Help

Shufti Pro’s state-of-the-art identity verification solution can help challenger banks stay compliant with global regulations while ensuring transparency in the system. Powered by thousands of AI algorithms, Shufti Pro’s KYC solutions verify the true identities of users in real-time using advanced techniques and provides result in less than a second with 98.67% accuracy.

Want to get more information about the KYC measures for challenger banks?

Talk to us

SuperCare Health Faces Lawsuit for Having “Incompetent Security Measures” to Stop Data Breach

Challenger Banks – An Overview

Vulnerabilities of Challenger Banks to Financial Crimes

FATF’s Guidance for Challenger Banks

Global Regulatory Authorities Monitoring Challenger Banks

US

UK

Australia

Ensuring KYC Compliance in Challenger Banks

How Shufti Pro Can Help

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.