The Federal Government continues ramping up enforcement of data security requirements by deploying significant new enforcement theories and tools in support of cyber and data security controls required by federal law. Specifically, the Department of Justice (DOJ) and the Federal Trade Commission (FTC) recently entered into settlements with private companies that underscore these cybersecurity mandates and the additional investment of resources devoted to enforcing them by the Federal Government.

Why are these cases important?

• The DOJ settlement is the first False Claims Act case involving DOJ’s Civil Cyber-Fraud Initiative.
• The FTC settlement involves not only the current owner of the entity that experienced multiple data breaches, but also that entity’s former owner.

First, on March 7, 2022, the DOJ reached a court-approved settlement agreement with Comprehensive Health Services (CHS) to resolve allegations that CHS violated the False Claims Act by falsely representing to the State Department and the Air Force that it complied with contract requirements relating to the provision of medical services at State Department and Air Force facilities. Importantly, according to the DOJ, the factual representations and contractual requirements at issue pertain to CHS’s commitment to provide HIPAA-compliant electronic medical records systems and support for the patient care required by the contract. DOJ alleged that CHS did not abide by these requirements and knew of lapses in...

Read Full Story: https://www.jdsupra.com/legalnews/when-the-feds-find-out-lack-of-data-9606931/