May 24, 2022

DOJ's Cyber-Fraud Initiative: Increased False Claims Act Scrutiny of Contractor Cybersecurity Compliance

You've Reached Your
Free Article Limit This Month
Register for free to get unlimited access to all OnPractice content.
Register Now

Accuracy in contractor proposal representations and cybersecurity compliance remains pressing, as demonstrated by an April 2021 settlement under the False Claims Act (FCA). In a previous alert, we noted that contractor representations of cybersecurity compliance/capabilities represent a fertile ground for bid protests. In this GT Alert, we highlight how the Department of Justice (DOJ) Cyber Fraud Initiative and qui tam actions under the FCA represent significant enforcement mechanisms that raise the stakes for non-compliance with evolving cybersecurity requirements applicable to contractors and grant recipients.

On Oct. 6, 2021, DOJ announced its Civil Cyber-Fraud Initiative. This initiative uses the FCA to hold contractors and grantees accountable for knowingly furnishing deficient cybersecurity products/services, misrepresenting cybersecurity practices, or knowingly violating obligations to report cybersecurity incidents. DOJ, acting on behalf of the United States, entered into its first settlement to resolve two False Claims Act cases under the Civil Cyber-Fraud InitiativeUnited States ex rel. Watkins et al. v. CHS Middle East, LLC, No. 17-cv-4319 (E.D.N.Y. Feb. 28, 2022); United States ex rel. Lawler v. Comprehensive Health Servs., Inc. et al., No. 20-cv-698 (E.D.N.Y. Feb. 28, 2022).

Comprehensive Health Services LLC (CHS), a global medical services provider, contracted to service government-run facilities in Iraq and Afghanistan. Under one such contract with the State Department, CHS submitted claims for the cost of a secure electronic medical record (EMR) system to store patient medical records, including the confidential identifying information of U.S. service members, diplomats, officials, and contractors working and receiving medical care in Iraq. Among the allegations, spanning the performance period from 2011 through 2021, the United States alleged that CHS had not securely stored patient medical records, left scanned copies of records on an internal network drive (accessible to non-clinical staff presumably without a need to know), and failed to take adequate steps to remedy raised concerns from staff about the safe storage of such information. While the settlement is not an admission of liability by the contractor, the parties agreed to settle for $930,000 in the interest of avoiding the expense of litigation.

Although the CHS case represented the first settlement under DOJ's Civil Cyber-Fraud Initiative, it is not the first time a contractor has been hit with FCA claims based on non-compliance with cybersecurity requirements. In a case filed in 2015, United States ex rel. Markus v. Aerojet Rocketdyne Holdings, Inc., a former employee alleged that his previous employer, Aerojet Rocketdyne Holdings, Inc. (ARH), violated the FCA by failing to safeguard unclassified controlled technical information from cybersecurity threats as required. The relator claimed that ARH knew its computer systems failed to meet the cybersecurity requirements of applicable agency regulations and that ARH received its contract award based on misleading statements by not fully disclosing the extent of its noncompliance. In a blow to the defense, the district judge ruled in a February 2022 decision that genuine issues of material fact existed as to whether the defendant federal contractor had made misrepresentations to the government concerning its cybersecurity capabilities and so denied ARH's motion for summary judgement. On April 27, 2022, ARH agreed to pay roughly $9 million to settle the relator's False Claims Act claims.

ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.

More From Greenberg Traurig

The New York Court of Appeals: A Triumph of Merit Selection

By Henry M. Greenberg Greenberg Traurig May 25 , 2023

The current court is a triumph of the merit selection process that New Yorkers voted for in 1977.

Attorney Fees Awards Under the Clean Streams Law

By David Mandelbaum Greenberg Traurig May 24 , 2023

In February, the Pennsylvania Supreme Court decided that the Environmental Hearing Board could award attorney fees and litigation costs to a prevailing third-party appellant under the Clean Streams Law.

GT's The Performance Review Episode 20: All Secrets Revealed: Employee Investigations

By Philip I. Person Greenberg Traurig May 24 , 2023

In this episode, Sue Ann Van Dermyden, co-founder and senior partner at one of the nation’s top investigations firms, joins Philip Person and Ryan Bykerk to discuss the ins and outs of employee investigations.

More From White Collar Crime

New York State's Recently Passed Budget Includes Significant New Requirements for Health Care Transactions

By Harold N. Iselin Greenberg Traurig May 10 , 2023

The New York state budget adopted on May 3, 2023, includes a new law imposing significant notice and disclosure requirements to the Department of Health (DOH) for certain health care transactions involving physician practices and other health care entities.

UPDATE: Florida Gov. Signs Into Law Legislation Impacting ESG Initiatives of Financial Businesses Operating in Florida

By Marina Olman-Pal Greenberg Traurig May 04 , 2023

On May 2, 2023, Florida Gov. Ron DeSantis held a press conference where he signed Florida House Bill 3 (HB 3) into law.

DOJ's Labor Market Prosecution Against Aerospace Employees Dismissed; Alleged Market Allocation Not Within Per Se Rule

By Justin P. Murphy McDermott Will & Emery May 01 , 2023

On April 28, 2023, a US District Court for the District of Connecticut judge dismissed the US Department of Justice’s (DOJ) criminal non-solicitation case against six aerospace industry employees, acquitting all the defendants in U.S. v. Patel, et al. Importantly, the court held that the case, as a matter of law, “does not involve a market allocation under the per se rule.”

Featured Stories