All Posts By

admin

Wendy’s Agrees To Settle Data Breach Class-Action Lawsuit Filed By Banks For $50M

By | Class Action Lawsuits, Data Breach

In 2015 and 2016, hackers infected 1,025 of Wendy’s restaurants’ point-of-sale systems with malware, leading to a massive data breach involving the loss of massive quantities of payment card data. The POS malware attacks came in two waves, both of which began in the fall of 2015. An estimated 18 million payment cards issued by approximately 7,500 financial institutions were compromised in the data breach.

In April 2016, First Choice Federal Credit Union filed a lawsuit against Wendy’s, seeking class-action status on behalf of all affected financial institutions. The lawsuit seeks to have Wendy’s compensate affected card issuers for breach-related losses and expenses, such as the cost of reissuing cards and compensating cardholders for fraud losses. The Federal Deposit Insurance Corporation and other organizations subsequently joined the class-action lawsuit.

Wendy’s recently agreed to settle the class-action data breach lawsuit by paying $50 million into a settlement fund. Wendy’s is expected to pay approximately $27.5 million with the balance covered by insurance. After the proposed settlement is approved by the court, payments are expected to be made in late 2019. $36 million of the $50 million settlement fund is set aside to compensate banks for card data exposed in the breach.

Court documents reportedly state, “Under the settlement agreement, defendants will create a non-reversionary settlement fund of $50 million in exchange for a release of all claims against Wendy’s franchisees arising from third-party criminal cyberattacks of certain of Wendys’ [sic] independently owned and operated franchisee restaurants involving malware variants targeting customers’ payment card information that Wendy’s reported in 2016 (the ‘data breach’) … The settlement fund will be used to pay: (1) disbursements to settlement class members that file approved claims; (2) the costs of settlement administration and any taxes due on the settlement fund account; (3) attorneys’ fees, costs, and expenses to class counsel in amounts approved by the court; and (4) service awards to the settlement class representatives in amounts approved by the court.”

Wendy’s estimates that its total costs resulting from the data breaches will reach nearly $34 million (a separate consumer class-action lawsuit was filed in February 2016 and was settled by Wendy’s in October 2018 for $3.4 million).

Source

If your business suffered financial or other significant harm due to a data breach in  the United States, email us at info@businesslitigationcontingencylawyers.com or telephone us toll-free in the United States at 800-756-2143 to discuss whether your data breach matter may be appropriate to be handled on a contingency basis.

BusinessLitigationContingencyLawyers.com – The Practical Solution For Business Litigation

Florida Compounding Pharmacy Agrees To Pay At Least $775,000 To Resolve False Claims Act Allegations

By | Business Fraud, False Claims Act Litigation, Qui Tam Lawsuits, Qui Tam Litigation, whistleblower lawyers

The U.S. Department of Justice announced on February 14, 2019 that  Vital Life Institute LLC (formerly known as AgeVital Pharmacy LLC), located in Sarasota, Florida, and its two owners, have agreed to pay at least $775,000 to resolve claims that they violated the False Claims Act by engaging in an illegal kickback scheme to induce the referral of compounded drug prescriptions for TRICARE and Medicare beneficiaries. AgeVital and the owners also agreed to pay additional amounts in the event certain contingencies are triggered.

The government alleged that AgeVital, at the direction of its owners, paid kickbacks to a third-party marketing company to solicit prospective patients for compounded drug prescriptions regardless of patient need. The marketing company arranged for prescribers to sign those prescriptions, which were then referred to AgeVital to be filled. The kickbacks to the marketing entity allegedly consisted of a substantial share of the pharmacy’s TRICARE and Medicare reimbursements. The Anti-Kickback Statute prohibits, among other things, the knowing and willful payment of any remuneration to induce the referral of services or items that are paid for by a federal health care program.  Claims submitted to federal health care programs in violation of the Anti-Kickback Statute can subject the violator to liability under the False Claims Act.

The settlement resolves a lawsuit filed in federal court in Tampa, Florida, by a patient who allegedly received unwanted compounded medications from AgeVital that were billed to Medicare.  The lawsuit was filed under the qui tam or whistleblower provisions of the False Claims Act.  The Act permits private parties to bring a lawsuit on behalf of the United States for false claims and to share in any recovery.  The whistleblower will receive at least $139,500 of the settlement.

The lawsuit is captioned United States ex rel. Knopf v. AgeVital Pharmacy, LLC et al., Case No. 8:15-cv-2591-T-36JSS (M.D. Fla.).

Source

If you have information regarding false claims having been submitted to Medicare, Medicaid, TRICARE, other federal health care programs, or to other federal agencies/programs, and the information is not publically known and no actions have been taken by the government with regard to recovering the false claims, you should promptly consult with a False Claims Act attorney (also known as qui tam attorneys) in your U.S. state who may investigate the basis of your False Claims Act allegations and who may also assist you in bringing a qui tam lawsuit on behalf of the United States, if appropriate, for which you may be entitled to receive a portion of the recovery received by the U.S. government.

Email us at info@businesslitigationcontingencylawyers.com or telephone us toll-free in the United States at 800-756-2143 to find qui tam lawyers who may handle your False Claims Act matter on a contingency basis.

BusinessLitigationContingencyLawyers.com – The Practical Solution For Business Litigation

Stryker Defibrillator Recall

By | Business Litigation, product liability lawsuits

On February 1, 2019, Stryker issued an “URGENT MEDICAL DEVICE SAFETY NOTICE & CORRECTION ACTION REQUIRED” regarding its LIFEPAK® 15 Monitor/Defibrillator, stating that “Stryker is conducting a voluntary Field Action for specific LIFEPAK 15 Monitor/Defibrillator devices that may lock-up after a defibrillation shock is delivered.”

The recall notice states that the issue is limited to LIFEPAK 15 Monitor/Defibrillator devices with certain System Printed Circuit Board Assemblies, and that Stryker has become aware that certain LIFEPAK 15 Monitor/Defibrillators were reported to experience a lock-up condition after a defibrillation shock was delivered. This condition is defined as a blank monitor display with LED lights on, indicating power to the device, but no response in the keypad and device functions. A device in this condition has the potential to delay delivery of therapy, and this delay in therapy has the potential to result in serious injury or death.

Stryker states that since the initial commercialization of LIFEPAK 15 in 2009, it has become aware of 58 complaints reported globally for this issue, including 6 events in which the patient died following a delay in therapy. In all six of these cases, at least one shock was delivered prior to the device experiencing the lock-up condition. There are 13,003 devices potentially affected by this issue and within scope of the recall.

Stryker warns that the device automatic self-tests do not identify this fault, as it occurs during defibrillation. Stryker states that customers should continue to perform the daily check as described in the Operator’s Checklist, specifically, the QUIK-COMBO therapy cable check as described in the General Maintenance and Testing Section (pages 10-4 and the LIFEPAK 15 Monitor/Defibrillator Operator’s Checklist, number 7), and that customers continue to use their LIFEPAK 15 Monitor/Defibrillator according to the Operating Instructions until the correction can be completed.

Stryker instructs that if a device exhibits the lockup condition during patient use, the steps from the General Troubleshooting Section (page 10-18) of the LIFEPAK 15 Monitor/Defibrillator Operating Instructions should be followed:

1. Press and hold ON until the LED turns off (~5 seconds). Then press ON to turn the device back on.

2. If the device does not turn off, remove both batteries and disconnect the device from the power adapter, if applicable. Then reinsert batteries and/or, reconnect the power adapter, and press ON to turn the device back on.

Source

LIFEPAK 15 Monitor/Defibrillator

Stryker describes its LIFEPAK 15 on its website as follows:

LIFEPAK 15 is a complete acute cardiac care response system designed for basic life support (BLS) and advanced life support (ALS) patient management protocols.

INTENDED USE: LIFEPAK 15 intended for use by trained medical personnel out-of-doors, in indoor emergency care settings, and is designed to be used for ground transportation. Monitoring and therapy functions may only be used on one patient at a time. Manual mode monitoring and therapy functions are intended for use on adult and pediatric patients. Automated external defibrillation (AED) mode intended for use on patients ≥8 years of age.

INDICATIONS FOR USE – MANUAL DEFIBRILLATION: Indicated for termination of certain potentially fatal arrhythmias, such as ventricular fibrillation and symptomatic ventricular tachycardia. Delivery of energy in synchronized mode is a method for treating atrial fibrillation, atrial flutter, paroxysmal supraventricular tachycardia and, in relatively stable patients, ventricular tachycardia.

CONTRAINDICATIONS – MANUAL DEFIBRILLATION: Contraindicated in treatment of PEA and asystole.

AED MODE: To be used only on patients in cardiopulmonary arrest. Patient must be unconscious, pulseless, and not breathing normally before using defibrillator to analyze patient’s ECG rhythm. In AED mode, the LIFEPAK 15 is intended for use on pediatric patients ≥ 8 years of age.

CONTRAINDICATIONS – AED MODE: None known.

Source

If you or a loved one suffered harm due to a defective medical device or defibrillator in the United States, you should promptly consult with a medical device claim lawyer in your U.S. state who may investigate your defective medical device claim for you and represent you or your loved one in a medical device claim, if appropriate.

Email us at info@businesslitigationcontingencylawyers.com or telephone us toll-free in the United States at 800-756-2143 to find product liability lawyers in your state who may assist you.

BusinessLitigationContingencyLawyers.com – The Practical Solution For Business Litigation

U.S. Justice Department Files Civil Complaint To Stop Tennessee Pharmacies’ Unlawful Dispensing Of Opioids

By | Business Fraud, False Claims Act Litigation

On February 8, 2019, the U.S. Department of Justice unsealed a civil complaint filed in the Middle District of Tennessee against two pharmacies, their owner, and three pharmacists, to stop them from dispensing controlled substance medications, including powerful opioids that have been linked to abuse and diversion.

The civil complaint alleges that the defendants were dispensing and billing Medicare for prescriptions in violation of the Controlled Substances Act and the False Claims Act. According to the United States’ complaint, the defendants’ unlawful dispensing of opioids has been tied to the deaths of at least two people and numerous others have been treated at hospitals for serious overdoses within a short time of obtaining controlled substances from the pharmacies.

The complaint alleges that the pharmacies and pharmacists filled numerous prescriptions for controlled substances outside the usual course of professional practice and in violation of the pharmacists’ corresponding responsibility to ensure that prescriptions were written for a legitimate medical purpose. Specifically, the complaint alleges that the defendants routinely dispensed controlled substances while ignoring numerous “red flags” or warning signs of diversion and abuse, such as unusually high dosages of oxycodone and other opioids, prescriptions for opioids and other controlled substances in dangerous combinations, and patients travelling extremely long distances to get and fill prescriptions. The complaint further asserts that the pharmacies falsely billed Medicare for illegally dispensed prescriptions.

A federal judge has already issued a temporary restraining order in the case, and the United States seeks civil monetary penalties and treble damages.

In announcing the unsealing of the complaint, one of the U.S. Attorneys assigned to the case stated, “The civil complaint unsealed today contains disturbing allegations of high-risk dispensing practices by the defendants. Given the national public health emergency resulting from the opioid crisis in our nation, the U.S. Attorney’s Office will use every resource at our disposal, including seeking injunctive relief and civil monetary penalties as we have here, to stop pharmacies and pharmacists from continuing to abuse their dispensing authority to fuel this epidemic.”

The Special Agent in Charge of DEA’s local Field Division stated, “The action supported today by the Drug Enforcement Administration should serve as a warning to those in the pharmacy industry who choose to put profit over customer safety. Pharmacists serve on the front lines of America’s opioid epidemic and they share responsibility with physicians to protect those whom they serve from the dangers associated with prescription medications. We will be vigilant in holding them accountable.”

Source

If you have information regarding false claims having been submitted to Medicare, Medicaid, TRICARE, other federal health care programs, or to other federal agencies/programs, and the information is not publically known and no actions have been taken by the government with regard to recovering the false claims, you should promptly consult with a False Claims Act attorney (also known as qui tam attorneys) in your U.S. state who may investigate the basis of your False Claims Act allegations and who may also assist you in bringing a qui tam lawsuit on behalf of the United States, if appropriate, for which you may be entitled to receive a portion of the recovery received by the U.S. government.

Email us at info@businesslitigationcontingencylawyers.com or telephone us toll-free in the United States at 800-756-2143 to find qui tam lawyers who may handle your False Claims Act matter on a contingency basis.

BusinessLitigationContingencyLawyers.com – The Practical Solution For Business Litigation

Pathology Lab Settles False Claims Act Allegations For $63.5M

By | Business Fraud, False Claims Act Litigation, Qui Tam Lawsuits, Qui Tam Litigation, whistleblower lawyers

The U.S. Department of Justice announced on January 30, 2019 that pathology laboratory company Inform Diagnostics has agreed to pay $63.5 million to settle allegations that it violated the False Claims Act by engaging in improper financial relationships with referring physicians. Inform Diagnostics, formerly known as Miraca Life Sciences Inc., is headquartered in Irving, Texas, and was a subsidiary of Miraca Holdings Inc., a Japanese company, during the relevant period. In 2017, majority ownership of the company changed and the company was renamed.

The settlement resolves allegations that Inform Diagnostics violated the Anti-Kickback Statute and the Stark Law by providing to referring physicians subsidies for electronic health records (EHR) systems and free or discounted technology consulting services. The Anti-Kickback Statute and the Stark Law restrict the financial relationships that health care providers, including laboratories, may have with doctors who refer patients to them. Although regulations adopted by the Department of Health and Human Services (HHS) in 2006 included provisions that allowed laboratories to provide EHR donations to physicians under certain conditions, the United States alleged that Inform Diagnostics violated those conditions. HHS withdrew those exemptions for laboratories in 2013.

The allegations stem from three lawsuits that were filed under the qui tam, or whistleblower, provisions of the False Claims Act, which permit private citizens to bring suit on behalf of the United States for false claims and share in any recovery. The whistleblowers’ share of the settlement has not yet been determined.

In announcing the settlement, an Assistant Attorney General of the U.S. Department of Justice’s Civil Division stated, “The Department of Justice has longstanding concerns about improper financial relationships between health care providers and their referral sources because those relationships can alter a physician’s judgment about the patient’s true health care needs and drive up health care costs for everybody. In addition to yielding a substantial recovery for taxpayers, this settlement should deter similar conduct in the future and help make health care more affordable.”

The case was investigated by the Civil Division’s Commercial Litigation Branch, the U.S. Attorney’s Office for the Middle District of Tennessee, the U.S. Attorney’s Office for the Middle District of Florida, the Department of Health and Human Services Office of Inspector General, and the Federal Bureau of Investigation. The cases are captioned United States ex rel. Dorsa v. Miraca Life Sciences, Inc., Case No. 13-cv-1025 (M.D. Tenn.); United States ex rel. LPF, LLC v. Miraca Life Sciences, Inc., et al., 3:16-cv-1355 (M.D. Tenn.); and United States ex rel. Heaphy, et al. v. Miraca Life Sciences, Inc., 3:18-cv-1027 (M.D. Tenn.).

Source

If you have information regarding false claims having been submitted to Medicare, Medicaid, TRICARE, other federal health care programs, or to other federal agencies/programs, and the information is not publically known and no actions have been taken by the government with regard to recovering the false claims, you should promptly consult with a False Claims Act attorney (also known as qui tam attorneys) in your U.S. state who may investigate the basis of your False Claims Act allegations and who may also assist you in bringing a qui tam lawsuit on behalf of the United States, if appropriate, for which you may be entitled to receive a portion of the recovery received by the U.S. government.

Email us at info@businesslitigationcontingencylawyers.com or telephone us toll-free in the United States at 800-756-2143 to find qui tam lawyers who may handle your False Claims Act matter on a contingency basis.

BusinessLitigationContingencyLawyers.com – The Practical Solution For Business Litigation

Illinois Supreme Court Holds Aggrieved Person Under Biometric Information Privacy Act Need Not Show Actual Injury

By | Business Litigation, Class Action Lawsuits, Data Breach

The Supreme Court of the State of Illinois (“Illinois Supreme Court” ) held in its opinion filed on January 25, 2019 that an individual need not allege some actual injury or adverse effect, beyond violation of his or her rights under the Biometric Information Privacy Act (“Act”) (740 ILCS 14/1 et seq. (West 2016)), in order to qualify as an “aggrieved” person and be entitled to seek liquidated damages and injunctive relief pursuant to the Act.

The Act was enacted in 2008 to help regulate “the collection, use, safeguarding, handling, storage, retention, and destruction of biometric identifiers and information.” § 5(g). The Act defines “biometric identifier” to mean “a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.” § 10. “Biometric information” means “any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.”

The Act imposes numerous restrictions on how private entities collect, retain, disclose and destroy biometric identifiers. Section 15 of the Act (§ 15) imposes on private entities various obligations regarding the collection, retention, disclosure, and destruction of biometric indentifiers and biometric information. Among these is the following:  (b) No private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s biometric identifier or biometric information, unless it first: (1) informs the subject or the subject’s legally authorized representative in writing that a biometric identifier or biometric information is being collected or stored; (2) informs the subject or the subject’s legally authorized representative in writing of the specific purpose and length of term for which a biometric identifier or biometric information is being collected, stored, and used; and (3) receives a written release executed by the subject of the biometric identifier or biometric information or the subject’s legally authorized representative.

Under the Act, any person “aggrieved” by a violation of its provisions “shall have a right of action *** against an offending party” and “may recover for each violation” the greater of liquidated damages or actual damages, reasonable attorney fees and costs, and any other relief, including an injunction, that the court deems appropriate. § 20.

In the case the Illinois Supreme Court was deciding,  Six Flags Entertainment Corporation and its subsidiary Great America LLC (“defendants”) own and operate the Six Flags Great America amusement park in Gurnee, Illinois. Defendants sell repeat-entry passes to the park. Since at least 2014, defendants have used a fingerprinting process when issuing those passes. The defendants’ system scans pass holders’ fingerprints; collects, records and stores ‘biometric’ identifiers and information gleaned from the fingerprints; and then stores that data in order to quickly verify customer identities upon subsequent visits by having customers scan their fingerprints to enter the theme park, making entry into the park faster and more seamless, maximizing the time pass holders are in the park spending money, and eliminating lost revenue due to fraud or park entry with someone else’s pass.

The plaintiff’s 14-year-old son visited defendants’ amusement park on a school field trip in May or June 2014, while the fingerprinting system was in operation. The plaintiff purchased a season pass for her son online. The plaintiff paid for the pass and provided personal information about her son, but he had to complete the sign-up process in person once he arrived at the amusement park. The process involved two steps. First, the plaintiff’s son went to a security checkpoint, where he was asked to scan his thumb into defendants’ biometric data capture system. After that, he was directed to a nearby administrative building, where he obtained a season pass card. The card and his thumbprint, when used together, enabled him to gain access as a season pass holder.

The plaintiff’s class-action complaint alleged that neither the plaintiff nor her minor son were informed in writing or in any other way of the specific purpose and length of term for which his fingerprint had been collected. Neither of them signed any written release regarding taking of the fingerprint, and neither of them consented in writing “to the collection, storage, use sale, lease, dissemination, disclosure, redisclosure, or trade of, or for [defendants] to otherwise profit from, [the son’s] thumbprint or associated biometric identifiers or information.”

The defendants argued, and the intermediate appellate court agreed,  that  a plaintiff is not “aggrieved” within the meaning of the Act and may not pursue either damages or injunctive relief under the Act based solely on a defendant’s violation of the statute. Additional injury or adverse effect must be alleged. The injury or adverse effect need not be pecuniary, the appellate court held, but it must be more than a “technical violation of the Act.”

The Illinois Supreme Court stated that through the Act, the Illinois General Assembly has codified that individuals possess a right to privacy in and control over their biometric identifiers and biometric information. The duties imposed on private entities by section 15 of the Act regarding the collection, retention, disclosure, and destruction of a person’s or customer’s biometric identifiers or biometric information define the contours of that statutory right. The Illinois Supreme Court held that accordingly, when a private entity fails to comply with one of section 15’s requirements, that violation constitutes an invasion, impairment, or denial of the statutory rights of any person or customer whose biometric identifier or biometric information is subject to the breach. Such a person or customer would clearly be “aggrieved” within the meaning of section 20 of the Act and entitled to seek recovery under that provision (a person is prejudiced or aggrieved, in the legal sense, when a legal right is invaded by the act complained of or his pecuniary interest is directly affected by the decree or judgment.). No additional consequences need be pleaded or proved. The violation, in itself, is sufficient to support the individual’s or customer’s statutory cause of action.

Source

If your business is presently or may soon be involved in litigation in the United States, email us at info@businesslitigationcontingencylawyers.com or telephone us toll-free in the United States at 800-756-2143 to find business litigation contingency lawyers who may handle your business litigation matter on a contingency basis.

BusinessLitigationContingencyLawyers.com – The Practical Solution For Business Litigation

Facebook Alleged To Have Promoted “Friendly Fraud” Through Children’s Games

By | Business Fraud, Business Litigation, Class Action Lawsuits

The Center for Investigative Reporting (“Reveal”) announced on January 24, 2019 in an article entitled, “Facebook knowingly duped game-playing kids and their parents out of money” that “Facebook orchestrated a multiyear effort that duped children and their parents out of money, in some cases hundreds or even thousands of dollars, and then often refused to give the money back, according to court documents unsealed” that span from 2010 to 2014.

Reveal analyzed more than 135 pages of documents that were recently unsealed as part of a class-action lawsuit focused on how Facebook allegedly targeted children in an effort to expand revenue for online games, such as Angry Birds, PetVille and Ninja Saga. The unsealed documents include internal Facebook memos, secret strategies, and employee emails that Reveal describes as painting a troubling picture of how the social media giant conducted business.

Reveal describes how Facebook encouraged game developers to let children spend money without their parents’ permission – something the social media giant called “friendly fraud” – in an effort to maximize revenues (“friendly fraud” is the term Facebook used when children spent money on games without their parents’ permission). Sometimes the children did not even know they were spending money but Facebook employees knew it: their own reports allegedly showed underage users did not realize their parents’ credit cards were connected to their Facebook accounts and they were spending real money in the games.

Reveal claims that Facebook denied requests for refunds when parents found out how much their children had spent (a child could spend hundreds of dollars a day on in-game features such as arming their character with a flaming sword or a new magic spell to defeat an enemy, even if they did not realize it until their parents received their credit card bills) and that Facebook employees referred to these children as “whales” – a term borrowed from the casino industry to describe profligate spenders.

Facebook reportedly had analyzed data on game revenue from children for the time period from October 12, 2010 through January 12, 2011 and found that children had “spent a whopping $3.6 million” during the three-month period. Facebook also found that more than 9 percent of the money it made from children was being clawed back by the credit card companies (the average chargeback rate for businesses is 0.5 percent, according to the Merchant Risk Council; the Federal Trade Commission said in an unrelated fraud case in 2016 that a 2 percent chargeback rate was a “red flag” of a “deceptive” business).

Facebook reportedly found that with regard to the Angry Birds game, about 93 percent of the time the refunds were a result of credit card holders not realizing the game was charging their account (Facebook found that the average age of those playing Angry Birds was 5). Reveal stated that rather than trying to stop children from making costly mistakes, a Facebook internal memo entitled “Friendly Fraud – what it is, why it’s challenging, and why you shouldn’t try to block it” stated that developers should just give free virtual items to users who complain, things such as flaming swords, extra lives and other in-game enhancements – this was better than refunding money to kids because, as the Facebook employee said in her message, “Virtual goods bear no cost.”

Facebook released the following statement in response to Reveal’s request for an interview:

“We were contacted by the Center for Investigative Reporting last year, and we voluntarily unsealed documents related to a 2012 case about our refund policies for in-app purchases that parents believe were made in error by their minor children. We intend to release additional documents as instructed by the court. Facebook works with parents and experts to offer tools for families navigating Facebook and the web. As part of that work, we routinely examine our own practices, and in 2016 agreed to update our terms and provide dedicated resources for refund requests related to purchased made by minors on Facebook.”

Source

If your business is presently or may soon be involved in litigation in the United States, email us at info@businesslitigationcontingencylawyers.com or telephone us toll-free in the United States at 800-756-2143 to find business litigation contingency lawyers who may handle your business litigation matter on a contingency basis.

BusinessLitigationContingencyLawyers.com – The Practical Solution For Business Litigation

Security Breaches And Data Dumps

By | Cyber Security, Data Breach

A cybersecurity researcher has revealed in his blog a data breach made up of many different individual data breaches from thousands of different sources that consists of a set of email addresses and passwords totaling 2,692,818,238 rows, which he has designated as “Collection #1,” containing 772,904,991 unique email addresses along with 21,222,975 unique passwords.

The cybersecurity blogger cited a large collection of files on the popular cloud service, MEGA, which totaled over 12,000 separate files and more than 87GB of data.

Source

The Collection #1 data reportedly was first posted to underground forums in October 2018 and is just a subset of a much larger tranche of passwords being sold online for $45.00 by a seller who self-identifies as “Sanixer.” Sanixer reportedly admits that Collection #1 was at least 2 to 3 years old and is a mix of “dumps and leaked bases.” However, he allegedly offers for sale other “password packages” that total more than 4 terabytes in size and are less than one year old.

A cybersecurity expert states that a core reason so many accounts get compromised is that far too many people choose poor passwords, re-use passwords and email addresses across multiple sites, and are not taking advantage of multi-factor authentication options when they are available. The cybersecurity expert recommends instead of thinking about passwords, consider using unique, lengthy passphrases — collections of words in an order you can remember — when a site allows it. In general, a long, unique passphrase takes far more effort to crack than a short, complex one.

The cybersecurity expert suggests that if you are the type of person who likes to re-use passwords, then you definitely need to be using a password manager, which helps you pick and remember strong and unique passwords/passphrases and essentially lets you use the same strong master password/passphrase across all Web sites.

The cybersecurity expert further suggests that you go to twofactorauth.org and to see if you are taking full advantage of multi-factor authentication at sites you trust with your data. Multi-factor authentication helps because even if hackers manage to guess or steal your password just because they hacked some Web site, that password will be useless to them unless they can also compromise that second factor — be it your mobile device or security key.

Source

If your business suffered financial or other significant harm due to a cybersecurity breach in  the United States, email us at info@businesslitigationcontingencylawyers.com or telephone us toll-free in the United States at 800-756-2143 to discuss whether your cyber security breach matter may be appropriate to be handled on a contingency basis.

BusinessLitigationContingencyLawyers.com – The Practical Solution For Business Litigation

U.S. Announces $269.2 Million Settlement With Walgreens In Two Civil Healthcare Fraud Lawsuits

By | Business Fraud, False Claims Act Litigation, Qui Tam Lawsuits, Qui Tam Litigation, whistleblower lawyers

The Department of Justice U.S. Attorney’s Office Southern District of New York (Manhattan U.S. Attorney) announced on January 22, 2019 that the United States filed and settled two healthcare fraud lawsuits against national pharmacy chain Walgreens Boots Alliance, Inc. (“Walgreens”) in which Walgreens must pay the United States and state governments a total of $269.2 million.

First Settlement – Insulin Pens

The U.S. alleged that Walgreens routinely submitted false days-of-supply data to federal healthcare programs when it sought federal reimbursement for insulin pens it dispensed to federal beneficiaries who did not need them. The U.S. alleged that Walgreens engaged in two practices that resulted in the fraudulent submissions: Walgreens configured its electronic pharmacy management system to prevent its pharmacists from dispensing less than a full box of five insulin pens, even when patients did not need that much insulin; and when a full box of insulin pens exceeded the federal healthcare program’s limit on the total days of supply (i.e., the total number of daily doses) that could be dispensed and reimbursed at that time, Walgreens allegedly evaded this restriction by falsely stating in its reimbursement claims that the total days of supply did not go over the limit. The U.S. contended that as a result, federal healthcare programs paid Walgreens millions of dollars for insulin that many beneficiaries did not actually need, and substantial quantities of valuable medication were wasted. The U.S. alleged that this conduct also opened the door to potential healthcare risks and abuse, such as the improper resale of insulin pens on the Internet.

The settlement requires Walgreens to pay approximately $168 million to the U.S., and Walgreens agreed separately to pay approximately $41.2 million to state governments. The settlement was approved on January 16, 2019 by a federal judge and was unsealed on January 22, 2019.

Second Settlement – Discount Drug Pricing

The U.S. alleged that Walgreens operated a program called the Prescription Savings Club (“PSC”) under which customers received discounts when they ordered drugs from Walgreens. Medicaid regulations required Walgreens to seek Medicaid reimbursement only at the lowest of certain drug price points, including the “usual and customary price” (“U&C price”). Medicaid rules of many states defined the U&C price as the price offered through discount programs like the PSC. Contrary to these requirements, Walgreens allegedly did not disclose to Medicaid the discount drug prices it offered customers through the PSC when it sought reimbursement from Medicaid. As a result, Medicaid programs paid Walgreens more in reimbursements than it would have paid had Walgreens disclosed the lower PSC prices.

The settlement requires Walgreens to pay a total of $60 million, of which approximately $32 million is to the United States and approximately $28 million will go to state governments. The second settlement was approved on January 15, 2019 by a federal judge and was also unsealed on January 22, 2019.

In both settlements, Walgreens admitted and accepted responsibility for conduct the U.S. alleged in its complaints under the False Claims Act. Both cases arose from lawsuits filed by whistleblowers under the False Claims Act.

Source

If you have information regarding false claims having been submitted to Medicare, Medicaid, TRICARE, other federal health care programs, or to other federal agencies/programs, and the information is not publically known and no actions have been taken by the government with regard to recovering the false claims, you should promptly consult with a False Claims Act attorney (also known as qui tam attorneys) in your U.S. state who may investigate the basis of your False Claims Act allegations and who may also assist you in bringing a qui tam lawsuit on behalf of the United States, if appropriate, for which you may be entitled to receive a portion of the recovery received by the U.S. government.

Email us at info@businesslitigationcontingencylawyers.com or telephone us toll-free in the United States at 800-756-2143 to find qui tam lawyers who may handle your False Claims Act matter on a contingency basis.

BusinessLitigationContingencyLawyers.com – The Practical Solution For Business Litigation

Two Ukrainian Nationals Indicted For Hacking EDGAR Reports

By | Data Breach

The U.S. Attorney’s Office for the District of New Jersey announced on January 15, 2019 that two Ukrainian men have been charged for their roles in a large-scale, international conspiracy to hack into the Securities and Exchange Commission’s (SEC) computer systems and profit by trading on critical information they stole.

The 16-count indictment alleges that from February 2016 to March 2017, the defendants and others conspired to gain unauthorized access to the computer networks of the SEC’s Electronic Data Gathering, Analysis and Retrieval (EDGAR) system, which is used by publicly traded companies to file required disclosures, such as annual and quarterly earnings reports. These filings contained detailed information about the financial condition and operations of the companies, including their earnings. Such information can, and often does, affect the stock price of the companies when it is made public, and is therefore highly confidential prior to its disclosure to the general public.

The EDGAR system allows companies to make test filings in advance of a public filing. These test filings often contain information that is the same or similar to the information in the final filing. The defendants allegedly stole thousands of test filings before they were released to the public, and sought to profit from their theft by using the information in the test filings to trade before the investing public learned the information.

The indictment alleges that in order to gain access to the SEC’s computer networks, the defendants used a series of targeted cyber-attacks, including directory traversal attacks, phishing attacks, and infecting computers with malware. Once the defendants had access to the test filings on the EDGAR system, they allegedly stole them by copying the test filings to servers they controlled. For example, between May 2016 and October 2016, the defendants extracted thousands of test filings from the EDGAR servers to a server they controlled in Lithuania.

The wire fraud conspiracy and substantive wire fraud counts with which the defendants are charged carry a maximum potential penalty of 20 years in prison and a $250,000 fine, or twice the gain or loss from the offense. The securities fraud conspiracy, computer fraud conspiracy, and substantive computer fraud counts with which the defendants are charged carry a maximum potential penalty of five years in prison and a $250,000 fine, or twice the gain or loss from the offense.

Source

If your business is presently or may soon be involved in data breach litigation in the United States, email us at info@businesslitigationcontingencylawyers.com or telephone us toll-free in the United States at 800-756-2143 to find business litigation contingency lawyers who may handle your data breach litigation matter on a contingency basis.

BusinessLitigationContingencyLawyers.com – The Practical Solution For Business Litigation