By the third quarter of 2025, the Department of Justice (DOJ) has made plain that it will continue using the False Claims Act (FCA) to advance administration priorities.
While the focus on diversity, equity, and inclusion (DEI)—addressed in our August 8 post—continues to make headlines, DOJ is not taking its eye off cybersecurity. Two settlements announced in late July, totaling approximately $11.5 million, reinforce that noncompliance with cybersecurity obligations can trigger FCA exposure.
On July 31, DOJ announced that biotech company Illumina, Inc. agreed to pay $9.8 million to resolve FCA allegations that it sold genomic sequencing systems to multiple federal agencies with software that had cybersecurity vulnerabilities and without adequate product security and quality systems to identify and remediate those vulnerabilities. Specifically, the government alleged that Illumina: (1) failed to incorporate product cybersecurity into software design, development, installation, and on-market monitoring; (2) under-resourced product security personnel, systems, and processes; (3) failed to correct design features that introduced vulnerabilities; and (4) falsely represented adherence to cybersecurity standards, including standards of the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST).
Notably, the United States asserted in the settlement agreement that the claims for...
If you click 'Accept all', we and our partners, including 237 who are part of the IAB Transparency & Consent Framework, will also store and/or access information on a device (in other words, us...