As we previously noted, in October 2021, the Department of Justice announced a new initiative seeking Cyber-Fraud whistleblowers. The initiative targets federal contractors who fail to comply with government cybersecurity requirements. In addition, the initiative targets contractors who fail to report breaches or other cybersecurity incidents.
Cyber-Fraud Case Settlement With Federal Contractor
The Department of Justice announced its first resolution of a False Claims Act case involving cyber fraud since the launch of DOJ’s Civil Cyber-Fraud Initiative.
Comprehensive Health Services, LLC (CHS) agreed to pay $930,000 to resolve allegations that it falsely represented to the State Department and the Air Force that it complied with certain contract requirements. The contract involved medical services at U.S. government facilities in Iraq and Afghanistan. It required that CHS use a secure electronic medical record (EMR) system to store all patient records. However, the U.S. alleges that, from 2012-2019, CHS failed to use a secure system for these records. Moreover, CHS ignored concerns raised by staff about the failure to safeguard this information. They also failed to inform the government of the shortcoming. That, according to the government, violated the False Claims Act.
The case highlighted the DOJ’s focus on cyber fraud issues. Principal Deputy Assistant Attorney General Brian M. Boynton of the Justice Department’s Civil Division, stated:
We will continue to ensure that those who do business with the government comply with their contractual obligations, including those requiring the protection of sensitive government information.
Whistleblowers Have a Role to Play
This case was initiated by whistleblowers who filed False Claims Act (FCA) lawsuits. The FCA allows a whistleblower with knowledge of fraud against the government to file a lawsuit. If the case is successful, the whistleblower can share in the government’s recovery.
How to Report Cyber-Fraud
If you are aware that a government contractor or grant recipient has falsely certified compliance with its cybersecurity requirements, or failed to report a cybersecurity breach, we urge you to contact the Whistleblower Law Collaborative. Our attorneys include several former federal prosecutors with experience safeguarding sensitive government information. We can discuss your concerns in a confidential and secure setting. We can also advise you on the best options to prevent critical information and data from falling into the wrong hands.