On March 26, 2025, the Department of Justice (DOJ) announced that defense contractor MORSECORP Inc. (MORSE) will pay $4.6 million to settle allegations that MORSE violated the False Claims Act (FCA) by failing to comply with cybersecurity requirements and subsequently submitting false or fraudulent claims for payment in its contracts with the Departments of the Army and Air Force. This is the first FCA settlement that is based on a defense contractor’s failure to reevaluate and promptly update its self-assessment score in the Supplier Performance Risk System (SPRS) after a third-party assessment resulted in a lower score.
The settlement resolves allegations in United States ex rel. Berich v. MORSECORP, Inc., et al., No. 23-cv-10130-GAO (D. Mass.), which was initiated by MORSE’s head of security and facility security officer. In the qui tam complaint, the relator alleged that MORSE did not satisfy the requirements of Defense Federal Acquisition Regulation Supplement (DFARS) clauses 252.204-7008, 252.204-7012, 252.204-7019 and 252.204-7020 made false statements concerning cybersecurity practices and policies and provided the government with false cybersecurity assessment information to induce the award of government contracts and payments thereunder. DFARS clauses 252.204-7008 and 252.204-7012 generally require that Department of Defense (DoD) contractors provide “adequate security” on all covered contractor information systems by implementing National Institute of...
Host Jonathan Porter welcomes to the show Husch Blackwell partner Brian Flood to discuss how newly appointed personnel in the Trump administration could impact False Claims Act (FCA) enforcement fo...