Healthcare organizations have long understood cybersecurity solely as a regulatory compliance obligation, or as a matter of HIPAA audits, breach notifications, and IT governance.
No more.
In 2025, cybersecurity-specific False Claims Act (FCA) settlements totaled over $50 million. Below, we survey the history of enforcement at the intersection of cybersecurity and healthcare, key regulatory developments, practical takeaways, and emerging areas of risk.
History of fraud enforcement in cybersecurity and healthcare
In , Cisco Systems agreed to pay $8.6 million in civil damages to settle claims that it sold video surveillance technology with known security flaws to several government agencies, marking the first False Claims Act payment involving cybersecurity vulnerabilities.
Two years later, the Department of Justice launched its , signaling it would use the False Claims Act to pursue entities that knowingly provide deficient cybersecurity products or services, misrepresent their cybersecurity practices, or violate obligations to monitor and report cybersecurity incidents. , the Justice Department announced a $930,000 settlement with Comprehensive Health Services LLC for failing to use a secure system to store confidential patient medical records.
In 2023 and 2024, the Justice Department notched additional settlements arising from cybersecurity failures, including associated with Florida's Medicaid enrollment website, related to unsecured Medicare beneficiary data, and for...