A new initiative called the Civil Cyber-Fraud initiative will aim to “utilize the False Claims Act (“FCA”) to pursue cybersecurity related fraud by government contractors and grant recipients.” The initiative is being launched by The Department of Justice led by the Fraud Section of the Civil Division’s Commercial Litigation Branch.
The DOJ will be focusing on three key areas against federal contractors or grant recipients under the False Claims Act (FCA):
- Knowingly providing deficient cybersecurity products or services
- Knowingly misrepresenting their cybersecurity practices or protocols
- Knowingly violating obligations to monitor and report cybersecurity incidents and breaches
Under the FCA, the DOJ also plans to focus on key sources of liability for organizations that fall victim to data breaches. Sources of liability they will focus on and pursue enforcement actions against, will include:
- HHS actions for violations of HIPAA
- Class actions brought by individuals
- SEC actions for violations of the Safeguards Rule
- Actions brought by state attorneys general.
- FTC actions for violations of Section 5 of the FTC Act
Here are some things the FCA (False Claims Act) currently allows the government to do:
- Recover treble damages and per-claim monetary penalties from federal contractors and grant recipients who purposely submit false claims for payment
- Fine persons liable for resulting damages of false claims and penalized for their actions
- Permits whistleblowers (i.e. employees or contractors) to file on behalf of the government. They are also allowed to receive a percentage of the money recovered, while protecting the whistleblower from retaliation on the part of the company.
The ultimate goal of these actions is to initiate compliance by contractors and grantees. You can read the full DOJ press release here.
If you have compliance questions in regards to your organization, PK Tech can help. PK Tech holds the Compliancy Group’s HIPAA Seal of Compliance, and has maintained the respected CompTIA Managed Services Trustmark™ for four years running. PK Tech is well-versed in technology best practices and compliance across a variety of industries. Contact us here with questions.