The inexorable expansion of the False Claims Act (“FCA”) to cover virtually all types of cybersecurity breaches and violations – to include allegedly poor practices and failure to fully adhere to security controls – continues. At one time, an organization might have thought that it was unlikely to face a potential FCA investigation and litigation relating to its cybersecurity practices. That day is long past. Two recent FCA settlements illustrate the expansion: one is the first cybersecurity FCA settlement relating to healthcare Quality System Regulations (“QSR”) and the other involves the first settlement with a defense contractor that also pulls in its private equity owner.
A Brief History of FCA Cybersecurity Enforcement
Four years ago, the Department of Justice (“DOJ”) announced a Civil Cyber-Fraud Initiative that would, among other things, utilize the False Claims Act to pursue cybersecurity-related fraud by government contractors and grant recipients. As one of our co-authors wrote at the time, we expected the Initiative to “create additional pressure for companies to devote substantial resources to cybersecurity compliance” (details here) and result in a considerable increase in FCA cases. Soon thereafter, DOJ entered into a settlement relating to a telecommunications company’s alleged failure to “satisfy certain cybersecurity controls in connection with an information technology service provided to federal agencies” (details here) followed by a pair of cases...