Last fall, the United States Department of Justice (“DOJ”) launched its Civil Cyber-Fraud Initiative (“CCFI”) as part of its effort to “combat new and emerging cyber threats to the security of sensitive information and critical systems.” Led by the Civil Fraud Section of DOJ’s Commercial Litigation Branch, the CCFI leverages the False Claims Act (“FCA”) to prosecute, in part, government contractors and federal grant recipients for cybersecurity-related fraud.
The CCFI secured its first settlement in March 2022 in the Eastern District of New York. Comprehensive Health Services (“CHS”) of Cape Canaveral, Florida, agreed to pay $930,000 to resolve allegations that it violated the FCA by falsely representing compliance with contract requirements relating to the provision of medical services at State Department and Air Force facilities in Iraq and Afghanistan. In the settlement agreement, DOJ specifically alleged that CHS failed to store medical records on a secure electronic medical record system. According to DOJ some of the medical records were saved to an unsecured internal network drive and improperly made accessible to non-clinical staff. According to DOJ, this constituted a direct violation of government contractual requirements and raised numerous privacy concerns. In announcing the settlement, DOJ reiterated its priority to curb cybersecurity violations that place “confidential medical records risk.”
About four months after its resolution with CHS, DOJ announced that a...
The visual verification might not be accessible to you. We recommend you to use the audio verification instead. Important: after clicking play, you will hear 6 digits. Please wait until the audio f...