DOJ’s First Settlement Under Its Civil Cyber-Fraud Initiative

Kelley Drye Client Advisory

Last week, the Department of Justice (DOJ) settled its first False Claims Act (FCA) case involving allegations of cyber fraud since the launch of its Civil Cyber-Fraud Initiative.  DOJ created this program in October 2021 to combat threats to the security of critical information systems by using civil enforcement tools to pursue cybersecurity fraud by government contractors and grant recipients. DOJ is using the FCA, which also allows private parties to act as whistleblowers, to ensure that contractors adhere to the cybersecurity standards required under federal contracts and federally-funded grants.

Comprehensive Health Services LLC (CHS) has agreed to pay $930,000 to resolve allegations that it violated the FCA through false claims in connection with medical support services for the State Department and Air Force at government-run facilities in Iraq and Afghanistan.  CHS had submitted claims to the government for providing a secure electronic medical record (EMR) system to store all patients’ records, including identifying information for U.S. service members, diplomats, and contractors in Iraq.  Former employees claimed that between 2012 and 2019, CHS failed to adequately secure records, and instead left scanned copies of medical records on an internal network drive that could be accessed by non-clinical staff.  DOJ alleged that CHS failed to disclose to the government that it had not stored those records on the secure EMR system and misrepresented that it complied with contract requirements.   

DOJ has used the settlement to highlight the government’s emphasis on combatting cyber-fraud, and its efforts to hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”  Companies that do business with the U.S. Government can expect an increase in this type of litigation under the Civil Cyber-Fraud Initiative.  The monetary incentives are there to ensure as much - the individual relators received payments that ranged from $15,000 - $127,000, and CHS will also pay over $500,000 in attorneys’ fees to relators’ counsel.