Month: March 2023

Source: United States Department of Justice News

Jelly Bean Communications Design LLC (Jelly Bean) and Jeremy Spinks have agreed to pay $293,771 to resolve False Claims Act allegations that they failed to secure personal information on a federally funded Florida children’s health insurance website, which Jelly Bean created, hosted, and maintained.

“Government contractors responsible for handling personal information must ensure that such information is appropriately protected,” said Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division. “We will use the False Claims Act to hold accountable companies and their management when they knowingly fail to comply with their cybersecurity obligations and put sensitive information at risk.”

The Florida Healthy Kids Corporation (FHKC) is a state-created entity that offers health and dental insurance for Florida children ages five through 18. FHKC receives federal Medicaid funds as well as state funds to provide children’s health insurance programs. On Oct. 31, 2013, FHKC contracted with Jelly Bean for “website design, programming and hosting services.” The agreement required that Jelly Bean provide a fully functional hosting environment that complied with the protections for personal information imposed by the Health Insurance Portability and Accountability Act of 1996, and Jelly Bean agreed to adapt, modify, and create the necessary code on the webserver to support the secure communication of data. Jeremy Spinks, the company’s manager, 50% owner, and sole employee, signed the agreement. Under its contracts with FHKC, between 2013 and 2020, Jelly Bean created, hosted, and maintained the website HealthyKids.org for FHKC, including the online application into which parents and others entered data to apply for state Medicaid insurance coverage for children.

The settlement announced today resolves allegations that from January 1, 2014, through Dec. 14, 2020, contrary to its representations in agreements and invoices, Jelly Bean did not provide secure hosting of applicants’ personal information and instead knowingly failed to properly maintain, patch, and update the software systems underlying HealthyKids.org and its related websites, leaving the site and the data Jelly Bean collected from applicants vulnerable to attack. In or around early December 2020, more than 500,000 applications submitted on HealthyKids.org were revealed to have been hacked, potentially exposing the applicants’ personal identifying information and other data. The United States alleged that Jelly Bean was running multiple outdated and vulnerable applications, including some software that Jelly Bean had not updated or patched since November 2013. In response to this data breach and Jelly Bean’s cybersecurity failures, FHKC shut down the website’s application portal in December 2020.  

“Safeguarding patients’ medical and other personal information is paramount,” said U.S. Attorney Roger Handberg for the Middle District of Florida. “This settlement demonstrates the commitment by my office and our partners to use every available tool to protect Americans’ health care data.”

“Companies have a fundamental responsibility to protect the personal information of their website users. It is unacceptable for an organization to fail to do the due diligence to keep software applications updated and secure and thereby compromise the data of thousands of children,” said Special Agent in Charge Omar Pérez Aybar of the Department of Health and Human Services, Office of Inspector General (HHS-OIG). “HHS-OIG will continue to work with our federal and state partners to ensure that enrollees can rely on their health care providers to safeguard their personal information.”

On Oct. 6, 2021, the Deputy Attorney General announced the Department’s Civil Cyber-Fraud Initiative, which aims to hold accountable entities or individuals that put U.S information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches. Information on how to report cyber fraud can be found here.

The resolution obtained in this matter was the result of a coordinated effort between the Justice Department’s Civil Division, Commercial Litigation Branch, Fraud Section, and the U.S Attorney’s Office for the Middle District of Florida, with assistance from HHS-OIG.

The matter was handled by Trial Attorney Michael Hoffman and Assistant U.S. Attorney Jeremy Bloor.

The claims resolved by the settlement are allegations only. There has been no determination of liability.

Source: United States Department of Justice News

            WASHINGTON — A New Jersey man has been arrested on felony and misdemeanor charges for his actions during the breach of the U.S. Capitol on Jan. 6, 2021. His actions and the actions of others disrupted a joint session of the U.S. Congress convened to ascertain and count the electoral votes related to the presidential election.

            Larry Fife Giberson, 21, of Manahawkin, New Jersey, is charged in a criminal complaint filed in the District of Columbia with civil disorder, a felony, and related misdemeanor offenses. He was arrested this morning and is expected to make his initial appearance later today in the District of Columbia.

            According to court documents, on Jan. 6, 2021, Giberson was among rioters who repeatedly engaged in violence against law enforcement officers guarding the Capitol in the Lower West Terrace “tunnel” entrance. Giberson entered the tunnel at approximately 3:10 p.m., and made his way towards the front of the pack of rioters. Giberson joined rioters as they attempted to force their way into the building by coordinating “heave-ho” pushing efforts against the police line. While Giberson was at the front of the pack of rioters pushing against officers in unison with other rioters, one officer was crushed between a door and a shield held by a rioter.

            A few minutes later, Giberson rushed to the tunnel entryway and began waving more rioters into the tunnel. Giberson then returned into the tunnel to participate in a second round of coordinated pushing against the police line. Eventually, police officers were able to gain temporary control over the tunnel and push rioters, including Giberson, out.

            Rioters continually battled to regain access to the Capitol through the tunnel. As Giberson stood nearby, rioters dragged one officer into the crowd. Giberson watched as rioters assaulted and brutally injured the officer.

            After watching the intensifying violence in and around the tunnel, and after watching rioters drag one officer out of the tunnel and violently assault that officer, Giberson started yelling “DRAG THEM OUT!” He then cheered as weapons and pepper spray were used against police officers in the tunnel.

            This case is being prosecuted by the U.S. Attorney’s Office for the District of Columbia and the Department of Justice National Security Division’s Counterterrorism Section.

            The case is being investigated by the FBI’s Newark Field Office and the Washington Field Office, which identified Giberson as #515 on its seeking information photos. Valuable assistance was provided by the Princeton Police Department, Princeton University Department of Public Safety, U.S. Capitol Police, and the Metropolitan Police Department

            In the 26 months since Jan. 6, 2021, more than 999 individuals have been arrested in nearly all 50 states for crimes related to the breach of the U.S. Capitol, including over 320 individuals charged with assaulting or impeding law enforcement. The investigation remains ongoing. 

            Anyone with tips can call 1-800-CALL-FBI (800-225-5324) or visit tips.fbi.gov.

            A complaint is merely an allegation, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Source: United States Department of Justice News

FARGO – United States Attorney Mac Schneider, District of North Dakota, announced today that the United States Attorney General has directed him to withdraw the notice of intent to seek a sentence of death in the case of the United States of America v Alfonso Rodriguez, Jr.  This morning, the United States Attorney’s Office for the District of North Dakota followed that directive by filing a withdrawal notice indicating that the United States will no longer seek the death penalty in that case.

“My thoughts today are with Dru Sjodin’s family, particularly her parents, Linda Walker and Allan Sjodin,” said Mac Schneider. “They are genuinely good people and loving parents who in the wake of an unimaginable loss have worked closely with our office for nearly twenty years. We continue to wish them the greatest measure of peace possible.”

“I also want to commend the trial team, including former United States Attorney Drew Wrigley, as well as our office’s appellate attorneys and support staff. Over the last two decades, they have continuously upheld the high standards of the Department of Justice through their work on this tragic case. As a result of their efforts, Mr. Rodriguez is – and will remain – a convicted murderer.”

“The directive to withdraw the death notice has changed how the United States Attorney’s Office will proceed with this case. What will not change is that Mr. Rodriguez will draw his last breath in a federal prison.”

# # #